June 2007
Intermediate to advanced
576 pages
14h 20m
English
Vulnerabilities are the life-blood of security research. Whether you are performing a penetration test, evaluating a new product, or auditing the source code of a critical component—vulnerabilities drive your decisions, provide justification for your time, and influence your choices for years to come.
Source code auditing is a white box testing technique that has long been a popular approach for uncovering vulnerabilities in software products. This method requires the auditor to know every programming concept and function used in the product, and to have a deep understanding of the product’s operating environment. Source code auditing also has one obvious pitfall—the source code for the product must be available.
Thankfully, there ...