Tom Gallagher, Bryan Jeffries and Lawrence Landauer have produced a very useful book that they describe as follows:
Learn how to think like an attacker—and identify potential security issues in your software. In this essential guide, security testing experts offer practical, hands-on guidance and code samples to help you find, classify, and assess security bugs before your software is released.
Chapters:
General Approach to Security Testing
Using Threat Models for Security Testing
Finding Entry Points
Becoming a Malicious Client
Becoming a Malicious Server
Spoofing
Information Disclosure
Buffer Overruns and Stack and Heap Manipulation
Format String Attacks
HTML Scripting Attacks
XML Issues
Canonicalization Issues
Finding Weak Permissions
Denial of Service Attacks
Managed Code Issues
SQL Injection
Observation & Reverse Engineering
ActiveX Repurposing
Additional Repurposing Attacks
Reporting Security Bugs
Appendix A: Tools of the Trade
Appendix B: Security Test Case Cheat Sheet
myITforum Daily Newsletter, September 12, 2006