Finding security flaws is now a fundamental development task, yet there has not been adequate documentation of the process used to find security bugs—until now. Before the Internet, computers were deployed in trusted environments and software development and testing practices emphasized functionality over security. As networking technologies emerged, though, times changed and people began to connect their computers together, instead of deploying in silos. However, development and testing practices did not account for attacks that could be mounted over networks.
The material currently available does not provide much practical guidance and the instructions given often fail to cultivate the right mindset and approach to enable people to successfully identify security issues before the software is published. This in-depth, technical reference highlights up-to-date tools, technologies, and techniques for helping find and eliminate vulnerabilities in software. Written for testers by testers, it delivers practical, hands-on guidance on how to find, classify, and assess bugs. In addition, this book covers the thought process behind security testing, use of source code to help in testing, and ways to spot security design flaws.