Hunting Security Bugs
Download Hunting Security Bugs PDF/ePub or read online books in Mobi eBooks. Click Download or Read Online button to get Hunting Security Bugs book now. This website allows unlimited access to, at the time of writing, more than 1.5 million titles, including hundreds of thousands of titles in various foreign languages.
Hunting Security Bugs
Learn how to think like an attacker--and identify potential security issues in your software. In this essential guide, security testing experts offer practical, hands-on guidance and code samples to help you find, classify, and assess security bugs before your software is released. Discover how to: Identify high-risk entry points and create test cases Test clients and servers for malicious request/response bugs Use black box and white box approaches to help reveal security vulnerabilities Uncover spoofing issues, including identity and user interface spoofing Detect bugs that can take advantage of your program's logic, such as SQL injection Test for XML, SOAP, and Web services vulnerabilities Recognize information disclosure and weak permissions issues Identify where attackers can directly manipulate memory Test with alternate data representations to uncover canonicalization issues Expose COM and ActiveX repurposing attacks PLUS--Get code samples and debugging tools on the Web
A Bug Hunter's Diary
Seemingly simple bugs can have drastic consequences, allowing attackers to compromise systems, escalate local privileges, and otherwise wreak havoc on a system. A Bug Hunter's Diary follows security expert Tobias Klein as he tracks down and exploits bugs in some of the world's most popular software, like Apple's iOS, the VLC media player, web browsers, and even the Mac OS X kernel. In this one-of-a-kind account, you'll see how the developers responsible for these flaws patched the bugs—or failed to respond at all. As you follow Klein on his journey, you'll gain deep technical knowledge and insight into how hackers approach difficult problems and experience the true joys (and frustrations) of bug hunting. Along the way you'll learn how to: –Use field-tested techniques to find bugs, like identifying and tracing user input data and reverse engineering –Exploit vulnerabilities like NULL pointer dereferences, buffer overflows, and type conversion flaws –Develop proof of concept code that verifies the security flaw –Report bugs to vendors or third party brokers A Bug Hunter's Diary is packed with real-world examples of vulnerable code and the custom programs used to find and test bugs. Whether you're hunting bugs for fun, for profit, or to make the world a safer place, you'll learn valuable new skills by looking over the shoulder of a professional bug hunter in action.