Testing Code Security
Author(s): van der Linden, Maura A.
ISBN No.: 9780849392511
Pages: 328
Year: 2007 (June)
Format: Trade Cloth (Hard Cover)
Price: $ 169.34
Status: Out Of Print

Table of Contents

Introduction
    Why Is This Book Being Written?
    Why Am I Writing This Book
    Goals of This Book
    Intended Audience
    How This Book Is Organized
Security Vocabulary
    Virus or Attack Naming
    Security Terminology
Software Testing and Changes in the Security Landscape
    Software Testing as a Discipline
    Security Has Become More of a Priority
    Security Efforts Have Become More Visible
    Perimeter Security Just Isn't Enough
    All Trust Is Misplaced
Security Testing Considerations
    Security Testing Versus Functional Testing
    Discovery of Software Vulnerabilities
    Assume Attackers Know Everything You Do
    Know Your Attackers
    Exploiting Software Vulnerabilities
    Common Security Hindering Phrases
    Software Development Life Cycle versus Security-Testing Life Cycle
    Black-Box versus White-Box Security Testing
    Guard Your Own Gates
    The Role of Security Testing
    Effectively Presenting Security Issues
Threat Modeling and Risk Assessment Processes
    Threat Modeling Terms
    Initial Modeling of Threats
    Pitfalls of Threat Modeling
    Threat Trees
    DREAD
    STRIDE
    MERIT
    OCTAVE and OCTAVE-S
Personas and Testing
    Creating Personas
    Using Personas
    Pitfalls of Personas
    Security Personas
Security Test Planning
    Overview of the Process
    Start Drafting Your Test Documents
    Dissect the System
    Gather Information
    Develop Security Cases
    Prioritize Tests
    Develop a Test Plan of Attack
    Draft a Schedule
    Review the Plan and Test Cases
    Run Test Passes
    Postmortem the Results
Sample Security Considerations
    Universal
    Stand-Alone Applications
    APIs
    Web Applications/Web Services/Distributed Applications
Vulnerability Case Study - Brute Force Browsing
    Pseudonyms
    Description
    Anatomy of an Exploit
    Real-World Examples
    Test Techniques
Vulnerability Case Study - Buffer Overruns
    Pseudonyms
    Description
    Anatomy of an Exploit
    Real-World Examples
    Test Techniques
Vulnerability Case Study - Cookie Tampering
    Pseudonyms
    Description
    Anatomy of an Exploit
    Real-World Examples
    Test Techniques
Vulnerability Case Study - Cross-Site Scripting (XSS)
    Pseudonyms
    Description
    Anatomy of an Exploit
    Real-World Examples
    Test Techniques
Vulnerability Case Study - Denial of Service/Distributed Denial of Service
    Pseudonyms
    Description
    Anatomy of an Exploit
    Real-World Examples
    Test Techniques
Vulnerability Case Study - Format String Vulnerabilities
    Pseudonyms
    Description
    Anatomy of an Exploit
    Real-World Examples
    Test Techniques
    Tools
Vulnerability Case Study - Integer Overflows and Underflows
    Pseudonyms
    Description
    Anatomy of an Exploit
    Real-World Examples
    Test Techniques
Vulnerability Case Study - Man-in-the-Middle Attacks
    Pseudonyms
    Description
    Anatomy of an Exploit
    Real-World Examples
    Test Techniques
Vulnerability Case Study - Password Cracking
    Pseudonyms
    Description
    Anatomy of an Exploit
    Real-World Examples
    Test Techniques
Vulnerability Case Study - Session Hijacking
    Pseudonyms
    Description
    Anatomy of an Exploit
    Real-World Examples
    Test Techniques
Vulnerability Case Study - Spoofing Attacks
    Pseudonyms
    Description
    Anatomy of an Exploit
    Real-World Examples
    Test Techniques
Vulnerability Case Study - SQL Injection
    Pseudonyms
    Description
    Anatomy of an Exploit
    Real-World Examples
    Test Techniques
Fuzz Testing
    Assumptions
    Process Steps
    Case Studies
Background - Cryptography
    Encryption
    How Encryption Works
    Encryption Tools
    Crypto Is Not Always Secure
    The Future of Crypto
Background - Firewalls
    TCP/IP Port Scanners
    Types of Firewalls
    Drawbacks to Using Firewalls
Background - OSI Network Model
    Application Layer (Layer 7)
    Presentation Layer (Layer 6)
    Session Layer (Layer 5)
    Transport Layer (Layer 4)
    Network Layer (Layer 3)
    Data Link Layer (Layer 2)
    Physical Layer (Layer 1)
Background - Proxy Servers
    Types of Proxy Servers
    Circumventor
    Anonymous
Background - TCP/IP and Other Networking Protocols
    TCP
    IP
    UDP
    ICMP
    ARP
    RARP
    BOOTP
    DHCP
Background - Test Case Outlining (TCO)
    Goals
    What Is (and Is Not) a TCO
    Benefits of a TCO
    Steps in Test Case Outlining
    TCO Formats
    TCO Maintenance
    TCO to Scenario
Additional Sources of Information
    Recommended Reading
    Recommended Web Sites and Mailing Lists
Index

