Book description
Learn how to think like an attacker—and identify potential security issues in your software. In this essential guide, security testing experts offer practical, hands-on guidance and code samples to help you find, classify, and assess security bugs before your software is released.
Discover how to:
- Identify high-risk entry points and create test cases
- Test clients and servers for malicious request/response bugs
- Use black box and white box approaches to help reveal security vulnerabilities
- Uncover spoofing issues, including identity and user interface spoofing
- Detect bugs that can take advantage of your program’s logic, such as SQL injection
- Test for XML, SOAP, and Web services vulnerabilities
- Recognize information disclosure and weak permissions issues
- Identify where attackers can directly manipulate memory
- Test with alternate data representations to uncover canonicalization issues
- Expose COM and ActiveX repurposing attacks
PLUS—Get code samples and debugging tools on the Web
Table of contents
- Hunting Security Bugs
- Dedication
- Foreword
- Introduction
- 1. General Approach to Security Testing
- 2. Using Threat Models for Security Testing
- 3. Finding Entry Points
- 4. Becoming a Malicious Client
- 5. Becoming a Malicious Server
  - Understanding Common Ways Clients Receive Malicious Server Responses
  - Does SSL Prevent Malicious Server Attacks?
  - Manipulating Server Responses
  - Examples of Malicious Response Bugs
  - Myth: It Is Difficult for an Attacker to Create a Malicious Server
  - Understanding Downgrade MITM Attacks
  - Testing Tips
  - Summary
- 6. Spoofing
- 7. Information Disclosure
- 8. Buffer Overflows and Stack and Heap Manipulation
  - Understanding How Overflows Work
  - Testing for Overruns: Where to Look for Cases
  - Black Box (Functional) Testing
  - White Box Testing
  - Additional Topics
  - Testing Tips
  - Summary
- 9. Format String Attacks
  - What Are Format Strings?
  - Understanding Why Format Strings Are a Problem
  - Testing for Format String Vulnerabilities
  - Walkthrough: Seeing a Format String Attack in Action
  - Testing Tips
  - Summary
- 10. HTML Scripting Attacks
  - Understanding Reflected Cross-Site Scripting Attacks Against Servers
  - Understanding Persistent XSS Attacks Against Servers
  - Identifying Attackable Data for Reflected and Persistent XSS Attacks
  - Common Ways Programmers Try to Stop Attacks
  - Understanding Reflected XSS Attacks Against Local Files
  - Understanding Script Injection Attacks in the My Computer Zone
  - Ways Programmers Try to Prevent HTML Scripting Attacks
  - Understanding How Internet Explorer Mitigates XSS Attacks Against Local Files
  - Identifying HTML Scripting Vulnerabilities
  - Finding HTML Scripting Bugs Through Code Review
  - Summary
- 11. XML Issues
- 12. Canonicalization Issues
  - Understanding the Importance of Canonicalization Issues
  - Finding Canonicalization Issues
  - File-Based Canonicalization Issues
  - Web-Based Canonicalization Issues
  - Testing Tips
  - Summary
- 13. Finding Weak Permissions
  - Understanding the Importance of Permissions
  - Finding Permissions Problems
  - Understanding the Windows Access Control Mechanism
  - Finding and Analyzing Permissions on Objects
  - Recognizing Common Permissions Problems
  - Determining the Accessibility of Objects
  - Other Permissions Considerations
  - Summary
- 14. Denial of Service Attacks
- 15. Managed Code Issues
  - Dispelling Common Myths About Using Managed Code
  - Understanding the Basics of Code Access Security
  - Finding Problems Using Code Reviews
  - Understanding the Issues of Using APTCA
  - Decompiling .NET Assemblies
  - Testing Tips
  - Summary
- 16. SQL Injection
  - Exactly What Is SQL Injection?
  - Understanding the Importance of SQL Injection
  - Finding SQL Injection Issues
  - Avoiding Common Mistakes About SQL Injection
  - Understanding Repurposing of SQL Stored Procedures
  - Recognizing Similar Injection Attacks
  - Testing Tips
  - Summary
- 17. Observation and Reverse Engineering
  - Observation Without a Debugger or Disassembler
  - Using a Debugger to Trace Program Execution and Change its Behavior
  - Using a Decompiler or Disassembler to Reverse Engineer a Program
  - Analyzing Security Updates
  - Testing Tips
  - Legal Considerations
  - Summary
- 18. ActiveX Repurposing Attacks
  - Understanding ActiveX Controls
  - ActiveX Control Testing Walkthrough
    - Clear
    - ClipboardCopy
    - ClipboardPaste
    - InvokeRTFEditor
      - How Can an Attacker Specify the Editor InvokeRTFEditor Uses?
      - Can an Attacker Bypass the Prompt?
      - Can an Attacker Spoof the Prompt?
      - How Is the Editor Launched?
      - Which Component Creates the TomCC9.tmp File?
      - Where Is the TomCC9.tmp File Stored?
      - Is Data from the Control Pumped into the Editor? How?
      - But Wait, There Is More!
    - LoadRTF
    - NumChars
    - RTFEditor Property
    - RTFEditor PARAM
    - RTFEditorOverride
    - Challenge
  - Testing Tips
  - Summary
- 19. Additional Repurposing Attacks
- 20. Reporting Security Bugs
- A. Tools of the Trade
- B. Security Test Cases Cheat Sheet
- C.
- Index
- About the Authors
- Copyright
Product information
- Title: Hunting Security Bugs
- Author(s):
- Release date: June 2006
- Publisher(s): Microsoft Press
- ISBN: 9780735621879