
	Home > Software Quality Tips > Application Security Book Excerpts > How to Break Web Software: Functional and Security Testing of Web Applications and Web Services -- Chapter 4: State-Based Attacks

Software Quality Tips:

EMAIL THIS

TIPS & NEWSLETTERS TOPICS

APPLICATION SECURITY BOOK EXCERPTS

How to Break Web Software: Functional and Security Testing of Web Applications and Web Services -- Chapter 4: State-Based Attacks

Mike Andrews and James A. Whittaker
02.02.2006
Rating: -5.00- (out of 5)

Digg This!

StumbleUpon

Del.icio.us

How to Break Web Software: Functional and Security Testing of Web Applications and Web Services
By Andrews, Mike/ Whittaker, James A.
Published by AWP
Series: None
ISBN: 0321369440; Published: 2/10/2006; Copyright 2006; Pages: 240; Edition: 1

Click here for more information or to buy the book

As a registered member of SearchSoftwareQuality.com, you're entitled to a complimentary copy of Chapter 4 of How to Break Web Software: Functional and Security Testing of Web Applications and Web Services written by Mike Andrews and James A. Whittaker and published by Addison Wesley Professional.

"State-Based Attacks" describes attacks that could affect your Web application and helps you determine if your Web application handles state information properly.

[TABLE]

Book description:

In this book

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Application Security Book Excerpts
	Cybersecurity czar candidate questions clout of new position
	Commonly-overlooked security flaws in rich Internet applications
	Common mistakes in real-time Java programming
	Web Security Testing Cookbook sample recipe
	Fuzzing for Software Security Testing and Quality Assurance: Chapter 3, Testing for Quality
	Software Security Engineering: A Guide for Project Managers -- Chapter 3, Requirements Engineering for Secure Software
	InfoSecurity 2008 Threat Analysis, Chapter 4: XSS Theory
	Google Hacking for Penetration Testers, Volume 2: Chapter 6, Locating Exploits and Finding Targets
	Ajax Security -- Chapter 6, Transparency in Ajax Applications
	Fuzzing: Brute Force Vulnerability Discovery -- Chapter 12, Fuzzing Frameworks

Hiring, mentoring and training for software projects

How to get a software testing job in a recession

Does Microsoft offer an international testing certification?

How to handle IT project management in a recession

How teams transition to agile development methodologies

Do security certifications really matter? Yes, really

Cutting staff for a more agile software development team

Software development lifecycle (SDLC) trends 2009: Requirements, agile

Software pros start to feel effects of recession

Skills you need to further your software testing career

Testing training: Disturbing behaviors of students

Threat modeling

Web application security and the PCI DSS

The essentials of Web application threat modeling

How to implement security in Java EE and Java ME

Application security shouldn't involve duct tape, Band-Aids or bubble gum

Stop SQL injection attacks on applications

How to counter XSS attacks

Breaking the same origin barrier of JavaScript

Protection against "zero-minute" exploits

Denial of service and Ajax

CSRF attack vector with Ajax serialization

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

Project Management Professional (PMP) (SearchSoftwareQuality.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

, two renowned experts address every category of Web software exploit: attacks on clients, servers, state, user inputs, and more. You'll master powerful attack tools and techniques as you uncover dozens of crucial, widely exploited flaws in Web architecture and coding.

The authors reveal where to look for potential threats and attack vectors, how to rigorously test for each of them, and how to mitigate the problems you find. Coverage includes the following:

Your Web software is mission-critical -- it can't be compromised. Whether you're a developer, tester, QA specialist, or IT manager, this book will help you protect that software–systematically.

Companion CD contains full source code for one testing tool you can modify and extend, free Web security testing tools, and complete code from a flawed Web site designed to give you hands-on practice in identifying security holes.

>> Read Chapter 4: State-Based Attacks now.

>> Buy the book

Rate this Tip
To rate tips, you must be a member of SearchSoftwareQuality.com. Register now to start rating these tips. Log in if you are already a member.

DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

Software Design & Testing - Project Management

SEARCH

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2006 - 2009, TechTarget \| Read our Privacy Policy