- Covers security basics and guides the reader through the process of testing a Web site.
- Explains how to analyze results and design specialized follow-up tests that focus on potential security gaps.
- Teaches the process of discovery, scanning, analyzing, verifying results of specialized tests, and fixing vulnerabilities.
Reviews
"...a helpful guide...a direct and easy to understand style of writing..." (Software Testing, Verification and Reliability, Dec 2004)
- PART ONE: AN INTRODUCTION TO THE BOOK.
- PART TWO: PLANNING THE TESTING EFFORT.
- PART THREE: TEST DESIGN.
- System Software Security.
- Client-Side Application Security.
- Server-Side Application Security.
- Sneak Attacks: Guarding Against the Less-Thought-of Security Threats.
- Intruder Confusion, Detection, and Response.
- PART FOUR: TEST IMPLEMENTATION.
- Assessment and Penetration Options.
- PART FIVE: APPENDIXES.
- Appendix A: An Overview of Network Protocols, Addresses, and Devices.
- Appendix B: SANS Institute Top 20 Critical Internet Security Vulnerabilities.
- Appendix C: Test-Deliverable Templates.
STEVEN SPLAINE is a chartered software engineer with more than twenty years of experience in project management, software testing, and product development. He is a regular speaker at software testing conferences and lead author of The Web Testing Handbook.