Rigorously test and improve the security of all your Web software! It’s as certain as death and taxes: hackers will mercilessly attack your Web sites, applications, and services. If you’re vulnerable, you’d better discover these attacks yourself, before the black hats do. Now, there’s a definitive, hands-on guide to security-testing any Web-based software: How to Break Web Software. In this book, two renowned experts address every category of Web software exploit: attacks on clients, servers, state, user inputs, and more. You’ll master powerful attack tools and techniques as you uncover dozens of crucial, widely exploited flaws in Web architecture and coding. The authors reveal where to look for potential threats and attack vectors, how to rigorously test for each of them, and how to mitigate the problems you find. Coverage includes · Client vulnerabilities, including attacks on client-side validation · State-based attacks: hidden fields, CGI parameters, cookie poisoning, URL jumping, and session hijacking · Attacks on user-supplied inputs: cross-site scripting, SQL injection, and directory traversal · Language- and technology-based attacks: buffer overflows, canonicalization, and NULL string attacks · Server attacks: SQL Injection with stored procedures, command injection, and server fingerprinting · Cryptography, privacy, and attacks on Web services Your Web software is mission-critical–it can’t be compromised. Whether you’re a developer, tester, QA specialist, or IT manager, this book will help you protect that software–systematically.

CD-ROM contains: Canned HEAT v.2.0 -- Holodeck Lite v. 1.0.

Address Errors before Users Find ThemUsing a mix-and-match approach, Software Test Attacks to Break Mobile and Embedded Devices presents an attack basis for testing mobile and embedded systems. Designed for testers working in the ever-expanding world of "smart" devices driven by software, the book focuses on attack-based testing that can be used by

Whether you want to break into information security, move from one job to another, or transition into management, Breaking into Information Security will help. No other book surveys all the different jobs available in the industry, frankly discusses the positives and negatives of each, and what you need to learn to get into and out of each role. Unlike books that focus on a specific skill set or on how to gain a certification or get a job, this book encompasses the "big picture," including why certifications, if any, are worthwhile for you. In a profession where new career paths aren't always clear, Breaking into Information Security will teach you how to identify where you are in your career today, understand where you wish to go, and provide proven methods to get there. From entry-level jobs to the extremely specific skills needed to be an InfoSec consultant, this book covers it all, including in-job skill building, working within the community, and building your skills after hours. If you are seeking to advance in the highly competitive field of information security, this book will give you the edge you need to break in. - The most practical guide to starting your career in information security, or advancing to the next level - Presented in a "level-up gaming framework for career progression, with a "Learn, Do, Teach approach through three tiers of InfoSec jobs - Provides examples of specific roles and career paths in each job tier so you can identify and max out skills for the role you want - Learn how to advance to management and training roles, as well as the specific skills you need to become an independent consultant - Find out about career "booster paths" to help you advance your career at high speed

The latest trends in information technology represent a new intellectual paradigm for scientific exploration and the visualization of scientific phenomena. This title covers the emerging technologies in the field. Academics, engineers, industrialists, scientists and researchers engaged in teaching, and research and development of computer science and information technology will find the book useful for their academic and research work.

For more than 20 years, this has been the best selling guide to software engineering for students and industry professionals alike. This edition has been completely updated and contains hundreds of new references to software tools.

Professional testing of software is an essential task that requires a profound knowledge of testing techniques. The International Software Testing Qualifications Board (ISTQB) has developed a universally accepted, international qualification scheme aimed at software and system testing professionals, and has created the Syllabi and Tests for the "Certified Tester." Today about 300,000 people have taken the ISTQB certification exams. The authors of Software Testing Foundations, 4th Edition, are among the creators of the Certified Tester Syllabus and are currently active in the ISTQB. This thoroughly revised and updated fourth edition covers the "Foundations Level" (entry level) and teaches the most important methods of software testing. It is designed for self-study and provides the information necessary to pass the Certified Tester-Foundations Level exam, version 2011, as defined by the ISTQB. Also in this new edition, technical terms have been precisely stated according to the recently revised and updated ISTQB glossary. Topics covered: Fundamentals of Testing Testing and the Software Lifecycle Static and Dynamic Testing Techniques Test Management Test Tools Also mentioned are some updates to the syllabus that are due in 2015.