Author: James A. Whittaker
Publisher: Pearson
ISBN:
Category : Computers
Languages : en
Pages : 218
Book Description
CD-ROM contains: Canned HEAT v.2.0 -- Holodeck Lite v. 1.0.
How to Break Software
Author: James A. Whittaker
Publisher: Pearson
ISBN:
Category : Computers
Languages : en
Pages : 218
Book Description
CD-ROM contains: Canned HEAT v.2.0 -- Holodeck Lite v. 1.0.
Publisher: Pearson
ISBN:
Category : Computers
Languages : en
Pages : 218
Book Description
CD-ROM contains: Canned HEAT v.2.0 -- Holodeck Lite v. 1.0.
How to Break Web Software
Author: Mike Andrews
Publisher: Addison-Wesley Professional
ISBN: 0321657519
Category : Computers
Languages : en
Pages : 241
Book Description
Rigorously test and improve the security of all your Web software! It’s as certain as death and taxes: hackers will mercilessly attack your Web sites, applications, and services. If you’re vulnerable, you’d better discover these attacks yourself, before the black hats do. Now, there’s a definitive, hands-on guide to security-testing any Web-based software: How to Break Web Software. In this book, two renowned experts address every category of Web software exploit: attacks on clients, servers, state, user inputs, and more. You’ll master powerful attack tools and techniques as you uncover dozens of crucial, widely exploited flaws in Web architecture and coding. The authors reveal where to look for potential threats and attack vectors, how to rigorously test for each of them, and how to mitigate the problems you find. Coverage includes · Client vulnerabilities, including attacks on client-side validation · State-based attacks: hidden fields, CGI parameters, cookie poisoning, URL jumping, and session hijacking · Attacks on user-supplied inputs: cross-site scripting, SQL injection, and directory traversal · Language- and technology-based attacks: buffer overflows, canonicalization, and NULL string attacks · Server attacks: SQL Injection with stored procedures, command injection, and server fingerprinting · Cryptography, privacy, and attacks on Web services Your Web software is mission-critical–it can’t be compromised. Whether you’re a developer, tester, QA specialist, or IT manager, this book will help you protect that software–systematically.
Publisher: Addison-Wesley Professional
ISBN: 0321657519
Category : Computers
Languages : en
Pages : 241
Book Description
Rigorously test and improve the security of all your Web software! It’s as certain as death and taxes: hackers will mercilessly attack your Web sites, applications, and services. If you’re vulnerable, you’d better discover these attacks yourself, before the black hats do. Now, there’s a definitive, hands-on guide to security-testing any Web-based software: How to Break Web Software. In this book, two renowned experts address every category of Web software exploit: attacks on clients, servers, state, user inputs, and more. You’ll master powerful attack tools and techniques as you uncover dozens of crucial, widely exploited flaws in Web architecture and coding. The authors reveal where to look for potential threats and attack vectors, how to rigorously test for each of them, and how to mitigate the problems you find. Coverage includes · Client vulnerabilities, including attacks on client-side validation · State-based attacks: hidden fields, CGI parameters, cookie poisoning, URL jumping, and session hijacking · Attacks on user-supplied inputs: cross-site scripting, SQL injection, and directory traversal · Language- and technology-based attacks: buffer overflows, canonicalization, and NULL string attacks · Server attacks: SQL Injection with stored procedures, command injection, and server fingerprinting · Cryptography, privacy, and attacks on Web services Your Web software is mission-critical–it can’t be compromised. Whether you’re a developer, tester, QA specialist, or IT manager, this book will help you protect that software–systematically.
How to Break Software Security
Author: James A. Whittaker
Publisher: Addison-Wesley
ISBN: 9780321194336
Category : Computers
Languages : en
Pages : 185
Book Description
Learn how to destroy security bugs in your software from a tester's point-of-view. It focuses your security test on the common vulnerabilities--ther user interface, software dependencies, design, process and memory. (Midwest)
Publisher: Addison-Wesley
ISBN: 9780321194336
Category : Computers
Languages : en
Pages : 185
Book Description
Learn how to destroy security bugs in your software from a tester's point-of-view. It focuses your security test on the common vulnerabilities--ther user interface, software dependencies, design, process and memory. (Midwest)
Exploratory Software Testing
Author: James A. Whittaker
Publisher: Pearson Education
ISBN: 0321647858
Category : Computers
Languages : en
Pages : 475
Book Description
How to Find and Fix the Killer Software Bugs that Evade Conventional Testing In Exploratory Software Testing, renowned software testing expert James Whittaker reveals the real causes of today’s most serious, well-hidden software bugs--and introduces powerful new “exploratory” techniques for finding and correcting them. Drawing on nearly two decades of experience working at the cutting edge of testing with Google, Microsoft, and other top software organizations, Whittaker introduces innovative new processes for manual testing that are repeatable, prescriptive, teachable, and extremely effective. Whittaker defines both in-the-small techniques for individual testers and in-the-large techniques to supercharge test teams. He also introduces a hybrid strategy for injecting exploratory concepts into traditional scripted testing. You’ll learn when to use each, and how to use them all successfully. Concise, entertaining, and actionable, this book introduces robust techniques that have been used extensively by real testers on shipping software, illuminating their actual experiences with these techniques, and the results they’ve achieved. Writing for testers, QA specialists, developers, program managers, and architects alike, Whittaker answers crucial questions such as: • Why do some bugs remain invisible to automated testing--and how can I uncover them? • What techniques will help me consistently discover and eliminate “show stopper” bugs? • How do I make manual testing more effective--and less boring and unpleasant? • What’s the most effective high-level test strategy for each project? • Which inputs should I test when I can’t test them all? • Which test cases will provide the best feature coverage? • How can I get better results by combining exploratory testing with traditional script or scenario-based testing? • How do I reflect feedback from the development process, such as code changes?
Publisher: Pearson Education
ISBN: 0321647858
Category : Computers
Languages : en
Pages : 475
Book Description
How to Find and Fix the Killer Software Bugs that Evade Conventional Testing In Exploratory Software Testing, renowned software testing expert James Whittaker reveals the real causes of today’s most serious, well-hidden software bugs--and introduces powerful new “exploratory” techniques for finding and correcting them. Drawing on nearly two decades of experience working at the cutting edge of testing with Google, Microsoft, and other top software organizations, Whittaker introduces innovative new processes for manual testing that are repeatable, prescriptive, teachable, and extremely effective. Whittaker defines both in-the-small techniques for individual testers and in-the-large techniques to supercharge test teams. He also introduces a hybrid strategy for injecting exploratory concepts into traditional scripted testing. You’ll learn when to use each, and how to use them all successfully. Concise, entertaining, and actionable, this book introduces robust techniques that have been used extensively by real testers on shipping software, illuminating their actual experiences with these techniques, and the results they’ve achieved. Writing for testers, QA specialists, developers, program managers, and architects alike, Whittaker answers crucial questions such as: • Why do some bugs remain invisible to automated testing--and how can I uncover them? • What techniques will help me consistently discover and eliminate “show stopper” bugs? • How do I make manual testing more effective--and less boring and unpleasant? • What’s the most effective high-level test strategy for each project? • Which inputs should I test when I can’t test them all? • Which test cases will provide the best feature coverage? • How can I get better results by combining exploratory testing with traditional script or scenario-based testing? • How do I reflect feedback from the development process, such as code changes?
Exploiting Software: How To Break Code
Author: Greg Hoglund
Publisher: Pearson Education India
ISBN: 9788131700839
Category :
Languages : en
Pages : 512
Book Description
Publisher: Pearson Education India
ISBN: 9788131700839
Category :
Languages : en
Pages : 512
Book Description
How Google Tests Software
Author: James A. Whittaker
Publisher: Addison-Wesley Professional
ISBN: 0321803027
Category : Computers
Languages : en
Pages : 316
Book Description
2012 Jolt Award finalist! Pioneering the Future of Software Test Do you need to get it right, too? Then, learn from Google. Legendary testing expert James Whittaker, until recently a Google testing leader, and two top Google experts reveal exactly how Google tests software, offering brand-new best practices you can use even if you're not quite Google's size...yet! Breakthrough Techniques You Can Actually Use Discover 100% practical, amazingly scalable techniques for analyzing risk and planning tests...thinking like real users...implementing exploratory, black box, white box, and acceptance testing...getting usable feedback...tracking issues...choosing and creating tools...testing "Docs & Mocks," interfaces, classes, modules, libraries, binaries, services, and infrastructure...reviewing code and refactoring...using test hooks, presubmit scripts, queues, continuous builds, and more. With these techniques, you can transform testing from a bottleneck into an accelerator-and make your whole organization more productive!
Publisher: Addison-Wesley Professional
ISBN: 0321803027
Category : Computers
Languages : en
Pages : 316
Book Description
2012 Jolt Award finalist! Pioneering the Future of Software Test Do you need to get it right, too? Then, learn from Google. Legendary testing expert James Whittaker, until recently a Google testing leader, and two top Google experts reveal exactly how Google tests software, offering brand-new best practices you can use even if you're not quite Google's size...yet! Breakthrough Techniques You Can Actually Use Discover 100% practical, amazingly scalable techniques for analyzing risk and planning tests...thinking like real users...implementing exploratory, black box, white box, and acceptance testing...getting usable feedback...tracking issues...choosing and creating tools...testing "Docs & Mocks," interfaces, classes, modules, libraries, binaries, services, and infrastructure...reviewing code and refactoring...using test hooks, presubmit scripts, queues, continuous builds, and more. With these techniques, you can transform testing from a bottleneck into an accelerator-and make your whole organization more productive!
How to Reduce the Cost of Software Testing
Author: Matthew Heusser
Publisher: CRC Press
ISBN: 1351689096
Category : Business & Economics
Languages : en
Pages : 341
Book Description
Plenty of software testing books tell you how to test well; this one tells you how to do it while decreasing your testing budget. A series of essays written by some of the leading minds in software testing, How to Reduce the Cost of Software Testing provides tips, tactics, and techniques to help readers accelerate the testing process, improve the performance of the test teams, and lower costs. The distinguished team of contributors—that includes corporate test leaders, best paper authors, and keynote speakers from leading software testing conferences—supply concrete suggestions on how to find cost savings without sacrificing outcome. Detailing strategies that testers can immediately put to use to reduce costs, the book explains how to make testing nimble, how to remove bottlenecks in the testing process, and how to locate and track defects efficiently and effectively. Written in language accessible to non-technical executives, as well as those doing the testing, the book considers the latest advances in test automation, ideology, and technology. Rather than present the perspective of one or two experts in software testing, it supplies the wide-ranging perspectives of a team of experts to help ensure your team can deliver a completed test cycle in less time, with more confidence, and reduced costs.
Publisher: CRC Press
ISBN: 1351689096
Category : Business & Economics
Languages : en
Pages : 341
Book Description
Plenty of software testing books tell you how to test well; this one tells you how to do it while decreasing your testing budget. A series of essays written by some of the leading minds in software testing, How to Reduce the Cost of Software Testing provides tips, tactics, and techniques to help readers accelerate the testing process, improve the performance of the test teams, and lower costs. The distinguished team of contributors—that includes corporate test leaders, best paper authors, and keynote speakers from leading software testing conferences—supply concrete suggestions on how to find cost savings without sacrificing outcome. Detailing strategies that testers can immediately put to use to reduce costs, the book explains how to make testing nimble, how to remove bottlenecks in the testing process, and how to locate and track defects efficiently and effectively. Written in language accessible to non-technical executives, as well as those doing the testing, the book considers the latest advances in test automation, ideology, and technology. Rather than present the perspective of one or two experts in software testing, it supplies the wide-ranging perspectives of a team of experts to help ensure your team can deliver a completed test cycle in less time, with more confidence, and reduced costs.
Software Security Engineering
Author: Nancy R. Mead
Publisher: Addison-Wesley Professional
ISBN: 0132702452
Category : Computers
Languages : en
Pages : 368
Book Description
Software Security Engineering draws extensively on the systematic approach developed for the Build Security In (BSI) Web site. Sponsored by the Department of Homeland Security Software Assurance Program, the BSI site offers a host of tools, guidelines, rules, principles, and other resources to help project managers address security issues in every phase of the software development life cycle (SDLC). The book’s expert authors, themselves frequent contributors to the BSI site, represent two well-known resources in the security world: the CERT Program at the Software Engineering Institute (SEI) and Cigital, Inc., a consulting firm specializing in software security. This book will help you understand why Software security is about more than just eliminating vulnerabilities and conducting penetration tests Network security mechanisms and IT infrastructure security services do not sufficiently protect application software from security risks Software security initiatives should follow a risk-management approach to identify priorities and to define what is “good enough”–understanding that software security risks will change throughout the SDLC Project managers and software engineers need to learn to think like an attacker in order to address the range of functions that software should not do, and how software can better resist, tolerate, and recover when under attack
Publisher: Addison-Wesley Professional
ISBN: 0132702452
Category : Computers
Languages : en
Pages : 368
Book Description
Software Security Engineering draws extensively on the systematic approach developed for the Build Security In (BSI) Web site. Sponsored by the Department of Homeland Security Software Assurance Program, the BSI site offers a host of tools, guidelines, rules, principles, and other resources to help project managers address security issues in every phase of the software development life cycle (SDLC). The book’s expert authors, themselves frequent contributors to the BSI site, represent two well-known resources in the security world: the CERT Program at the Software Engineering Institute (SEI) and Cigital, Inc., a consulting firm specializing in software security. This book will help you understand why Software security is about more than just eliminating vulnerabilities and conducting penetration tests Network security mechanisms and IT infrastructure security services do not sufficiently protect application software from security risks Software security initiatives should follow a risk-management approach to identify priorities and to define what is “good enough”–understanding that software security risks will change throughout the SDLC Project managers and software engineers need to learn to think like an attacker in order to address the range of functions that software should not do, and how software can better resist, tolerate, and recover when under attack
Agile Application Security
Author: Laura Bell
Publisher: "O'Reilly Media, Inc."
ISBN: 149193879X
Category : Computers
Languages : en
Pages : 362
Book Description
Agile continues to be the most adopted software development methodology among organizations worldwide, but it generally hasn't integrated well with traditional security management techniques. And most security professionals aren’t up to speed in their understanding and experience of agile development. To help bridge the divide between these two worlds, this practical guide introduces several security tools and techniques adapted specifically to integrate with agile development. Written by security experts and agile veterans, this book begins by introducing security principles to agile practitioners, and agile principles to security practitioners. The authors also reveal problems they encountered in their own experiences with agile security, and how they worked to solve them. You’ll learn how to: Add security practices to each stage of your existing development lifecycle Integrate security with planning, requirements, design, and at the code level Include security testing as part of your team’s effort to deliver working software in each release Implement regulatory compliance in an agile or DevOps environment Build an effective security program through a culture of empathy, openness, transparency, and collaboration
Publisher: "O'Reilly Media, Inc."
ISBN: 149193879X
Category : Computers
Languages : en
Pages : 362
Book Description
Agile continues to be the most adopted software development methodology among organizations worldwide, but it generally hasn't integrated well with traditional security management techniques. And most security professionals aren’t up to speed in their understanding and experience of agile development. To help bridge the divide between these two worlds, this practical guide introduces several security tools and techniques adapted specifically to integrate with agile development. Written by security experts and agile veterans, this book begins by introducing security principles to agile practitioners, and agile principles to security practitioners. The authors also reveal problems they encountered in their own experiences with agile security, and how they worked to solve them. You’ll learn how to: Add security practices to each stage of your existing development lifecycle Integrate security with planning, requirements, design, and at the code level Include security testing as part of your team’s effort to deliver working software in each release Implement regulatory compliance in an agile or DevOps environment Build an effective security program through a culture of empathy, openness, transparency, and collaboration
Developing Safety-Critical Software
Author: Leanna Rierson
Publisher: CRC Press
ISBN: 1351834053
Category : Computers
Languages : en
Pages : 612
Book Description
The amount of software used in safety-critical systems is increasing at a rapid rate. At the same time, software technology is changing, projects are pressed to develop software faster and more cheaply, and the software is being used in more critical ways. Developing Safety-Critical Software: A Practical Guide for Aviation Software and DO-178C Compliance equips you with the information you need to effectively and efficiently develop safety-critical, life-critical, and mission-critical software for aviation. The principles also apply to software for automotive, medical, nuclear, and other safety-critical domains. An international authority on safety-critical software, the author helped write DO-178C and the U.S. Federal Aviation Administration’s policy and guidance on safety-critical software. In this book, she draws on more than 20 years of experience as a certification authority, an avionics manufacturer, an aircraft integrator, and a software developer to present best practices, real-world examples, and concrete recommendations. The book includes: An overview of how software fits into the systems and safety processes Detailed examination of DO-178C and how to effectively apply the guidance Insight into the DO-178C-related documents on tool qualification (DO-330), model-based development (DO-331), object-oriented technology (DO-332), and formal methods (DO-333) Practical tips for the successful development of safety-critical software and certification Insightful coverage of some of the more challenging topics in safety-critical software development and verification, including real-time operating systems, partitioning, configuration data, software reuse, previously developed software, reverse engineering, and outsourcing and offshoring An invaluable reference for systems and software managers, developers, and quality assurance personnel, this book provides a wealth of information to help you develop, manage, and approve safety-critical software more confidently.
Publisher: CRC Press
ISBN: 1351834053
Category : Computers
Languages : en
Pages : 612
Book Description
The amount of software used in safety-critical systems is increasing at a rapid rate. At the same time, software technology is changing, projects are pressed to develop software faster and more cheaply, and the software is being used in more critical ways. Developing Safety-Critical Software: A Practical Guide for Aviation Software and DO-178C Compliance equips you with the information you need to effectively and efficiently develop safety-critical, life-critical, and mission-critical software for aviation. The principles also apply to software for automotive, medical, nuclear, and other safety-critical domains. An international authority on safety-critical software, the author helped write DO-178C and the U.S. Federal Aviation Administration’s policy and guidance on safety-critical software. In this book, she draws on more than 20 years of experience as a certification authority, an avionics manufacturer, an aircraft integrator, and a software developer to present best practices, real-world examples, and concrete recommendations. The book includes: An overview of how software fits into the systems and safety processes Detailed examination of DO-178C and how to effectively apply the guidance Insight into the DO-178C-related documents on tool qualification (DO-330), model-based development (DO-331), object-oriented technology (DO-332), and formal methods (DO-333) Practical tips for the successful development of safety-critical software and certification Insightful coverage of some of the more challenging topics in safety-critical software development and verification, including real-time operating systems, partitioning, configuration data, software reuse, previously developed software, reverse engineering, and outsourcing and offshoring An invaluable reference for systems and software managers, developers, and quality assurance personnel, this book provides a wealth of information to help you develop, manage, and approve safety-critical software more confidently.