找回密码
 注册
搜索
热搜: java php web
查看: 949|回复: 7

Web Security Testing Cookbook: Systematic Techniques to Find Problems Fast

[复制链接]
发表于 2009-8-24 10:54:02 | 显示全部楼层 |阅读模式
本帖最后由 石头 于 2009-8-24 11:00 编辑





作者:Paco Hope, Ben Walther
出版日期:October 28, 2008
出版社:O'Reilly
页数:312
ISBN:ISBN-10: 0596514832 ISBN-13: 978-0596514839
文件格式:CHM


Product Description
Among the tests you perform on web applications, security testing isperhaps the most important, yet it’s often the most neglected. Therecipes in the Web Security Testing Cookbook demonstrate how developersand testers can check for the most common web security issues, whileconducting unit tests, regression tests, or exploratory tests. Unlikead hoc security assessments, these recipes are repeatable, concise, andsystematic-perfect for integrating into your regular test suite.Recipes cover the basics from observing messages between clients andservers to multi-phase tests that script the login and execution of webapplication features. By the end of the book, you’ll be able to buildtests pinpointed at Ajax functions, as well as large multi-step testsfor the usual suspects: cross-site scripting and injection attacks.This book helps you: Obtain, install, and configure useful-andfree-security testing tools Understand how your applicationcommunicates with users, so you can better simulate attacks in yourtests Choose from many different methods that simulate common attackssuch as SQL injection, cross-site scripting, and manipulating hiddenform fields Make your tests repeatable by using the scripts andexamples in the recipes as starting points for automated testsDon’tlive in dread of the midnight phone call telling you that your site hasbeen hacked. With Web Security Testing Cookbook and the free tools usedin the book’s examples, you can incorporate security coverage into yourtest suite, and sleep in peace.About the Author
Paco Hope is a TechnicalManager at Cigital, Inc. and co-author of Mastering FreeBSD and OpenBSDSecurity (April 2005, O’Reilly, ISBN 0596006268). Mr. Hope has alsopublished articles on Misuse and Abuse Cases and PKI. He has beeninvited to conferences to speak on topics such as software securityre-quirements, web application security, and embedded system security.At Cigi-tal, he has served as a subject matter expert to MasterCardInternational for security policies and has assisted a Fortune 500hospitality company in writ-ing software security policy. He alsotrains software developers and testers in the fundamentals of softwaresecurity. In the gaming and mobile communica-tions industries he hasadvised several companies on software security. Mr. Hope majored inComputer Science and English at The College of William and Mary andreceived an M.S. in Computer Science from the University of Virginia.
Ben Walther is a consultant at Cigital and contributor to the EditCookies tool. He has a hand in both normal Quality Assurance andSoftware Security. Day to day, he designs and executes tests – and sohe understands the need for simple recipes, in the hectic QA world. Yethe has also given talks on web ap-plication testing tools to members ofthe Open Web Application Security Pro-ject (OWASP). Through Cigital, hetests systems ranging from financial data processing to slot machines.Mr. Walther has a B.S. in Information Science from Cornell University.

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有账号?注册

×
发表于 2009-9-17 12:10:32 | 显示全部楼层
不错

评分

1

查看全部评分

回复

使用道具 举报

发表于 2010-2-10 10:51:13 | 显示全部楼层
不错
回复

使用道具 举报

发表于 2010-2-12 12:43:31 | 显示全部楼层
很好的一本书。
回复

使用道具 举报

发表于 2010-2-28 11:57:08 | 显示全部楼层
Thanks lz Thanks lz
回复

使用道具 举报

发表于 2010-6-9 19:38:13 | 显示全部楼层
thanks again
回复

使用道具 举报

发表于 2010-7-21 11:03:13 | 显示全部楼层
thanks a lot
回复

使用道具 举报

您需要登录后才可以回帖 登录 | 注册

本版积分规则

Archiver|手机版|小黑屋|软晨网(RuanChen.com)

GMT+8, 2024-11-13 09:52

Powered by Discuz! X3.5

Copyright © 2001-2023 Tencent Cloud.

快速回复 返回顶部 返回列表