How to Break Software Security

By Paladion

November 15, 2004

We take a look at the "How to Break Software Security" book by James A. Whittaker & Herbert H. Thompson on software security testing and attack techniques

How to Break Software SecurityThis is the sequel to “How to Break Software: A Practical Guide to Testing”. In this book, James Whittaker and Herbert Thompson introduce software testers to security testing. The book is organized as a sequence of attack techniques like Force the application to use corrupt files and Fake the source of data. For each of the 19 attacks discussed, the authors explain when to apply the attack, the cause of the vulnerability, how to verify if security is compromised and how to perform the attack. The focus is on the hands-on attack itself, and the authors have bundled their testing tool Holodeck version 1.3 in the accompanying CD ROM. The emphasis on using Holodeck does tend to distract one from the underlying testing technique.

In its favor, the book is strong on screen shots and real world examples. The book has several nuggets for the experienced security tester too. For instance, the authors point out that unused command line options from older versions might still be active and vulnerable as they have probably not been tested in the newer versions. This book is a good introduction to security testing for professional software testers.

Tags: Review