Appendix B. Security Test Cases Cheat Sheet

In this appendix:
Network Requests and Responses
Spoofing
Information Disclosures
Buffer Overflows
Format Strings
Cross-Site Scripting and Script Injection
XML
SOAP
Canonicalization Issues
Weak Permissions
Denial of Service
Managed Code
SQL Injection
ActiveX

When providing security training, we have often been asked for a “cheat sheet” for the security test cases that should be performed. The main problem with such a list is that testers then generally tend to use only the security test cases on the list to determine whether a feature is secure. This is a huge mistake because no list can include all the test cases needed to guarantee your application is secure. On the other hand, having a cheat sheet ...

Get Hunting Security Bugs now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Hunting Security Bugs by Bryan Jeffries, Tom Gallagher, Lawrence Landauer

Appendix B. Security Test Cases Cheat Sheet

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly