LEADER |
00000cam a2200000Ia 4500 |
001 |
OR_ocm85789106 |
003 |
OCoLC |
005 |
20231017213018.0 |
006 |
m o d |
007 |
cr unu|||||||| |
008 |
070307s2006 wau o 001 0 eng d |
010 |
|
|
|a 2006927197
|
040 |
|
|
|a UMI
|b eng
|e pn
|c UMI
|d BAKER
|d TXJ
|d NIALS
|d CEF
|d OCLCQ
|d TEFOD
|d B24X7
|d DEBSZ
|d OCLCQ
|d OCLCO
|d OCLCQ
|d OCLCF
|d OCLCQ
|d OCLCO
|d OCLCQ
|d AU@
|d YDXCP
|d OCLCQ
|d OCLCE
|d OCLCQ
|d OCLCA
|d OCLCQ
|d OCLCA
|d WYU
|d OCLCQ
|d VT2
|d EQK
|d OCLCA
|d OCLCQ
|d INARC
|d LDP
|d UKAHL
|d LVT
|d OCLCO
|d OCLCQ
|
019 |
|
|
|a 185038530
|a 827175005
|a 989014079
|a 1044356283
|a 1056408717
|a 1058180933
|a 1060830249
|a 1063816908
|a 1073067333
|a 1083174836
|a 1103256833
|a 1129360705
|a 1149475755
|a 1152999068
|a 1200475519
|a 1202553496
|a 1240531317
|a 1289801099
|a 1302274647
|
020 |
|
|
|a 073562187X
|
020 |
|
|
|a 9780735621879
|
020 |
|
|
|a 9780735690592
|q (electronic bk. ;
|q Adobe Reader)
|
020 |
|
|
|a 0735690596
|q (electronic bk. ;
|q Adobe Reader)
|
020 |
|
|
|a 9780735660243
|q (e-book)
|
020 |
|
|
|a 0735660247
|
020 |
0 |
|
|a 9780735660465
|q (online)
|
020 |
|
|
|a 0735660468
|
029 |
1 |
|
|a AU@
|b 000050492004
|
029 |
1 |
|
|a CHBIS
|b 006149161
|
029 |
1 |
|
|a CHVBK
|b 17140002X
|
029 |
1 |
|
|a DEBBG
|b BV040903106
|
029 |
1 |
|
|a DEBSZ
|b 355375028
|
029 |
1 |
|
|a DEBSZ
|b 381391949
|
029 |
1 |
|
|a GBVCP
|b 617231451
|
029 |
1 |
|
|a HEBIS
|b 291448828
|
029 |
1 |
|
|a AU@
|b 000066231955
|
035 |
|
|
|a (OCoLC)85789106
|z (OCoLC)185038530
|z (OCoLC)827175005
|z (OCoLC)989014079
|z (OCoLC)1044356283
|z (OCoLC)1056408717
|z (OCoLC)1058180933
|z (OCoLC)1060830249
|z (OCoLC)1063816908
|z (OCoLC)1073067333
|z (OCoLC)1083174836
|z (OCoLC)1103256833
|z (OCoLC)1129360705
|z (OCoLC)1149475755
|z (OCoLC)1152999068
|z (OCoLC)1200475519
|z (OCoLC)1202553496
|z (OCoLC)1240531317
|z (OCoLC)1289801099
|z (OCoLC)1302274647
|
037 |
|
|
|a CL0500000007
|b Safari Books Online
|
042 |
|
|
|a dlr
|
050 |
|
4 |
|a QA76.9.A25
|b G356 2006
|
082 |
0 |
4 |
|a 005.8
|2 22
|
084 |
|
|
|a 54.38
|2 bcl
|
084 |
|
|
|a 54.52
|2 bcl
|
084 |
|
|
|a ST 276
|2 rvk
|
049 |
|
|
|a UAMI
|
100 |
1 |
|
|a Gallagher, Tom.
|
245 |
1 |
0 |
|a Hunting security bugs /
|c Tom Gallagher, Bryan Jeffries, Lawrence Landauer.
|
260 |
|
|
|a Redmond, Wash. :
|b Microsoft Press,
|c 2006.
|
300 |
|
|
|a 1 online resource.
|
336 |
|
|
|a text
|b txt
|2 rdacontent
|
337 |
|
|
|a computer
|b c
|2 rdamedia
|
338 |
|
|
|a online resource
|b cr
|2 rdacarrier
|
490 |
1 |
|
|a Secure software development series
|
588 |
0 |
|
|a Print version record.
|
506 |
|
|
|3 Use copy
|f Restrictions unspecified
|2 star
|5 MiAaHDL
|
533 |
|
|
|a Electronic reproduction.
|b [Place of publication not identified] :
|c HathiTrust Digital Library,
|d 2011.
|5 MiAaHDL
|
538 |
|
|
|a Master and use copy. Digital master created according to Benchmark for Faithful Digital Reproductions of Monographs and Serials, Version 1. Digital Library Federation, December 2002.
|u http://purl.oclc.org/DLF/benchrepro0212
|5 MiAaHDL
|
583 |
1 |
|
|a digitized
|c 2011
|h HathiTrust Digital Library
|l committed to preserve
|2 pda
|5 MiAaHDL
|
500 |
|
|
|a Includes index.
|
504 |
|
|
|a Includes index.
|
505 |
0 |
0 |
|a Machine derived contents note: Dedication; Foreword; Introduction; Who Is This Book For?; Organization of This Book; System Requirements; Technology Updates; Code Samples and Companion Content; Support for This Book; Acknowledgments; Chapter 1: General Approach to Security Testing; 1.1 Different Types of Security Testers; 1.2 An Approach to Security Testing; 1.3 Summary; Chapter 2: Using Threat Models for Security Testing; 2.1 Threat Modeling; 2.2 How Testers Can Leverage a Threat Model; 2.3 Data Flow Diagrams; 2.4 Enumeration of Entry Points and Exit Points; 2.5 Enumeration of Threats; 2.6 How Testers Should Use a Completed Threat Model; 2.7 Implementation Rarely Matches the Specification or Threat Model; 2.8 Summary; Chapter 3: Finding Entry Points; 3.1 Finding and Ranking Entry Points; 3.2 Common Entry Points; 3.3 Summary; Chapter 4: Becoming a Malicious Client; 4.1 Client/Server Interaction; 4.2 Testing HTTP; 4.3 Testing Specific Network Requests Quickly; 4.4 Testing Tips; 4.5 Summary; Chapter 5: Becoming a Malicious Server; 5.1 Understanding Common Ways Clients Receive Malicious Server Responses; 5.2 Does SSL Prevent Malicious Server Attacks?; 5.3 Manipulating Server Responses; 5.4 Examples of Malicious Response Bugs; 5.5 Myth: It Is Difficult for an Attacker to Create a Malicious Server; 5.6 Understanding Downgrade MITM Attacks; 5.7 Testing Tips; 5.8 Summary; Chapter 6: Spoofing; 6.1 Grasping the Importance of Spoofing Issues; 6.2 Finding Spoofing Issues; 6.3 General Spoofing; 6.4 User Interface Spoofing; 6.5 Testing Tips; 6.6 Summary; Chapter 7: Information Disclosure; 7.1 Problems with Information Disclosure; 7.2 Locating Common Areas of Information Disclosure; 7.3 Identifying Interesting Data; 7.4 Summary; Chapter 8: Buffer Overflows and Stack and Heap Manipulation; 8.1 Understanding How Overflows Work; 8.2 Testing for Overruns: Where to Look for Cases; 8.3 Black Box (Functional) Testing; 8.4 White Box Testing; 8.5 Additional Topics; 8.6 Testing Tips; 
8.7 Summary; Chapter 9: Format String Attacks; 9.1 What Are Format Strings?; 9.2 Understanding Why Format Strings Are a Problem; 9.3 Testing for Format String Vulnerabilities; 9.4 Walkthrough: Seeing a Format String Attack in Action; 9.5 Testing Tips; 9.6 Summary; Chapter 10: HTML Scripting Attacks; 10.1 Understanding Reflected Cross-Site Scripting Attacks Against Servers; 10.2 Understanding Persistent XSS Attacks Against Servers; 10.3 Identifying Attackable Data for Reflected and Persistent XSS Attacks; 10.4 Common Ways Programmers Try to Stop Attacks; 10.5 Understanding Reflected XSS Attacks Against Local Files; 10.6 Understanding Script Injection Attacks in the My Computer Zone; 10.7 Ways Programmers Try to Prevent HTML Scripting Attacks; 10.8 Understanding How Internet Explorer Mitigates XSS Attacks Against Local Files; 10.9 Identifying HTML Scripting Vulnerabilities; 10.10 Finding HTML Scripting Bugs Through Code Review; 10.11 Summary; Chapter 11: XML Issues; 11.1 Testing Non-XML Security Issues in XML Input Files; 11.2 Testing XML-Specific Attacks; 11.3 Simple Object Access Protocol; 11.4 Testing Tips; 11.5 Summary; Chapter 12: Canonicalization Issues; 12.1 Understanding the Importance of Canonicalization Issues; 12.2 Finding Canonicalization Issues; 12.3 File-Based Canonicalization Issues; 12.4 Web-Based Canonicalization Issues; 12.5 Testing Tips; 12.6 Summary; Chapter 13: Finding Weak Permissions; 13.1 Understanding the Importance of Permissions; 13.2 Finding Permissions Problems; 13.3 Understanding the Windows Access Control Mechanism; 13.4 Finding and Analyzing Permissions on Objects; 13.5 Recognizing Common Permissions Problems; 13.6 Determining the Accessibility of Objects; 13.7 Other Permissions Considerations; 13.8 Summary; Chapter 14: Denial of Service Attacks; 14.1 Understanding Types of DoS Attacks; 14.2 Testing Tips; 14.3 Summary; Chapter 15: Managed Code Issues; 15.1 Dispelling Common Myths About Using Managed Code; 15.2 Understanding the Basics 
of Code Access Security; 15.3 Finding Problems Using Code Reviews; 15.4 Understanding the Issues of Using APTCA; 15.5 Decompiling .NET Assemblies; 15.6 Testing Tips; 15.7 Summary; Chapter 16: SQL Injection; 16.1 Exactly What Is SQL Injection?; 16.2 Understanding the Importance of SQL Injection; 16.3 Finding SQL Injection Issues; 16.4 Avoiding Common Mistakes About SQL Injection; 16.5 Understanding Repurposing of SQL Stored Procedures; 16.6 Recognizing Similar Injection Attacks; 16.7 Testing Tips; 16.8 Summary; Chapter 17: Observation and Reverse Engineering; 17.1 Observation Without a Debugger or Disassembler; 17.2 Using a Debugger to Trace Program Execution and Change its Behavior; 17.3 Using a Decompiler or Disassembler to Reverse Engineer a Program; 17.4 Analyzing Security Updates; 17.5 Testing Tips; 17.6 Legal Considerations; 17.7 Summary; Chapter 18: ActiveX Repurposing Attacks; 18.1 Understanding ActiveX Controls; 18.2 ActiveX Control Testing Walkthrough; 18.3 Testing Tips; 18.4 Summary; Chapter 19: Additional Repurposing Attacks; 19.1 Understanding Document Formats That Request External Data; 19.2 Web Pages Requesting External Data; 19.3 Understanding Repurposing of Window and Thread Messages; 19.4 Summary; Chapter 20: Reporting Security Bugs; 20.1 Reporting the Issue; 20.2 Contacting the Vendor; 20.3 What to Expect After Contacting the Vendor; 20.4 Public Disclosure; 20.5 Addressing Security Bugs in Your Product; 20.6 Summary; Tools of the Trade; General; ActiveX/COM; Canonicalization; Code Analysis; Debugging; Documents and Binaries; Fuzzers; Memory/Runtime; Network; Permissions; SQL; Security Test Cases Cheat Sheet; Network Requests and Responses; Spoofing; Information Disclosures; Buffer Overflows; Format Strings; Cross-Site Scripting and Script Injection; XML; SOAP; Canonicalization Issues; Weak Permissions; Denial of Service; Managed Code; SQL Injection; ActiveX; ; Tom Gallagher; Bryan Jeffries; Lawrence Landauer.
|
520 |
0 |
|
|a "Finding security flaws is now a fundamental development task, yet there has not been adequate documentation of the process used to find security bugs--until now. Before the Internet, computers were deployed in trusted environments and software development and testing practices emphasized functionality over security. As networking technologies emerged, though, times changed and people began to connect their computers together, instead of deploying in silos. However, development and testing practices did not account for attacks that could be mounted over networks." --Microsoft.
|
590 |
|
|
|a O'Reilly
|b O'Reilly Online Learning: Academic/Public Library Edition
|
650 |
|
0 |
|a Computer security.
|
650 |
|
0 |
|a Computer software
|x Testing.
|
650 |
|
0 |
|a Computer networks
|x Security measures.
|
650 |
|
2 |
|a Computer Security
|
650 |
|
6 |
|a Sécurité informatique.
|
650 |
|
6 |
|a Réseaux d'ordinateurs
|x Sécurité
|x Mesures.
|
650 |
|
7 |
|a Computer security.
|2 blmlsh
|
650 |
|
7 |
|a Computer software
|x Testing.
|2 blmlsh
|
650 |
|
7 |
|a Computer networks
|x Security measures.
|2 blmlsh
|
650 |
|
7 |
|a Computer networks
|x Security measures.
|2 fast
|0 (OCoLC)fst00872341
|
650 |
|
7 |
|a Computer security.
|2 fast
|0 (OCoLC)fst00872484
|
650 |
|
7 |
|a Computer software
|x Testing.
|2 fast
|0 (OCoLC)fst00872601
|
650 |
|
7 |
|a Computersicherheit
|2 gnd
|
650 |
|
7 |
|a Softwareentwicklung
|2 gnd
|
650 |
|
7 |
|a Testen
|2 gnd
|
650 |
|
7 |
|a Engineering & Applied Sciences.
|2 hilcc
|
650 |
|
7 |
|a Computer Science.
|2 hilcc
|
653 |
|
0 |
|a Computer networks
|a Security measures
|
653 |
|
0 |
|a Computer security
|
653 |
|
0 |
|a Computer software
|a Testing
|
700 |
1 |
|
|a Jeffries, Bryan.
|
700 |
1 |
|
|a Landauer, Lawrence.
|
776 |
0 |
8 |
|i Print version:
|a Gallagher, Tom.
|t Hunting security bugs.
|d Redmond, Wash. : Microsoft Press, 2006
|z 9780735621879
|w (DLC) 2006927197
|w (OCoLC)71837204
|
830 |
|
0 |
|a Secure software development series.
|
856 |
4 |
0 |
|u https://learning.oreilly.com/library/view/~/073562187X/?ar
|z Full text (requires prior registration with an institutional e-mail address)
|
938 |
|
|
|a Baker & Taylor
|b BKTY
|c 49.99
|d 37.49
|i 073562187X
|n 0006739631
|s active
|
938 |
|
|
|a YBP Library Services
|b YANK
|n 11201866
|
938 |
|
|
|a Internet Archive
|b INAR
|n huntingsecurityb0000gall
|
938 |
|
|
|a Askews and Holts Library Services
|b ASKH
|n AH26904564
|
994 |
|
|
|a 92
|b IZTAP
|