How to Break Web Software

Functional and Security Testing of Web Applications and Web Services
Author: Mike Andrews, James A. Whittaker
Publisher: Addison-Wesley Professional
ISBN: 9780321657510
Category: Computers
Page: 240
Rigorously test and improve the security of all your Web software! It’s as certain as death and taxes: hackers will mercilessly attack your Web sites, applications, and services. If you’re vulnerable, you’d better discover these attacks yourself, before the black hats do. Now, there’s a definitive, hands-on guide to security-testing any Web-based software: How to Break Web Software. In this book, two renowned experts address every category of Web software exploit: attacks on clients, servers, state, user inputs, and more. You’ll master powerful attack tools and techniques as you uncover dozens of crucial, widely exploited flaws in Web architecture and coding. The authors reveal where to look for potential threats and attack vectors, how to rigorously test for each of them, and how to mitigate the problems you find. Coverage includes
· Client vulnerabilities, including attacks on client-side validation
· State-based attacks: hidden fields, CGI parameters, cookie poisoning, URL jumping, and session hijacking
· Attacks on user-supplied inputs: cross-site scripting, SQL injection, and directory traversal
· Language- and technology-based attacks: buffer overflows, canonicalization, and NULL string attacks
· Server attacks: SQL Injection with stored procedures, command injection, and server fingerprinting
· Cryptography, privacy, and attacks on Web services
Your Web software is mission-critical–it can’t be compromised. Whether you’re a developer, tester, QA specialist, or IT manager, this book will help you protect that software–systematically.

How to Break Web Software

Functional and Security Testing of Web Applications and Web Services
Author: Mike Andrews, James A. Whittaker
Publisher: Addison-Wesley Professional
ISBN: 9780321369444
Category: Computers
Page: 219
Provides information on security testing Web-based software.

How to Break Software

A Practical Guide to Testing
Author: James A. Whittaker
Publisher: Addison-Wesley
ISBN: 9780201796193
Category: Computers
Page: 178
CD-ROM contains: Canned HEAT v.2.0 -- Holodeck Lite v. 1.0.

How to Break Software Security

Effective Techniques for Security Testing
Author: James A. Whittaker, Herbert H. Thompson
Publisher: Addison-Wesley
ISBN: 9780321194336
Category: Computers
Page: 185
Learn how to destroy security bugs in your software from a tester's point of view. It focuses your security testing on the common vulnerabilities: the user interface, software dependencies, design, process, and memory. (Midwest)

Exploratory Software Testing

Tips, Tricks, Tours, and Techniques to Guide Test Design
Author: James A. Whittaker
Publisher: Pearson Education
ISBN: 9780321647856
Category: Computers
Page: 256
How to Find and Fix the Killer Software Bugs that Evade Conventional Testing
In Exploratory Software Testing, renowned software testing expert James Whittaker reveals the real causes of today’s most serious, well-hidden software bugs--and introduces powerful new “exploratory” techniques for finding and correcting them. Drawing on nearly two decades of experience working at the cutting edge of testing with Google, Microsoft, and other top software organizations, Whittaker introduces innovative new processes for manual testing that are repeatable, prescriptive, teachable, and extremely effective. Whittaker defines both in-the-small techniques for individual testers and in-the-large techniques to supercharge test teams. He also introduces a hybrid strategy for injecting exploratory concepts into traditional scripted testing. You’ll learn when to use each, and how to use them all successfully. Concise, entertaining, and actionable, this book introduces robust techniques that have been used extensively by real testers on shipping software, illuminating their actual experiences with these techniques, and the results they’ve achieved. Writing for testers, QA specialists, developers, program managers, and architects alike, Whittaker answers crucial questions such as:
• Why do some bugs remain invisible to automated testing--and how can I uncover them?
• What techniques will help me consistently discover and eliminate “show stopper” bugs?
• How do I make manual testing more effective--and less boring and unpleasant?
• What’s the most effective high-level test strategy for each project?
• Which inputs should I test when I can’t test them all?
• Which test cases will provide the best feature coverage?
• How can I get better results by combining exploratory testing with traditional script or scenario-based testing?
• How do I reflect feedback from the development process, such as code changes?

Web Security Testing Cookbook


Author: Brian Hope, Paco Hope, Ben Walther
Publisher: "O'Reilly Media, Inc."
ISBN: 0596514832
Category: Computers
Page: 285
Offering developers an inexpensive way to include testing as part of the development cycle, this cookbook features scores of recipes for testing Web applications, from relatively simple solutions to complex ones that combine several solutions.

Software Test Attacks to Break Mobile and Embedded Devices


Author: Jon Duncan Hagar
Publisher: CRC Press
ISBN: 146657531X
Category: Computers
Page: 377
Address Errors before Users Find Them
Using a mix-and-match approach, Software Test Attacks to Break Mobile and Embedded Devices presents an attack basis for testing mobile and embedded systems. Designed for testers working in the ever-expanding world of "smart" devices driven by software, the book focuses on attack-based testing that can be used by individuals and teams. The numerous test attacks show you when a software product does not work (i.e., has bugs) and provide you with information about the software product under test. The book guides you step by step starting with the basics. It explains patterns and techniques ranging from simple mind mapping to sophisticated test labs. For traditional testers moving into the mobile and embedded area, the book bridges the gap between IT and mobile/embedded system testing. It illustrates how to apply both traditional and new approaches. For those working with mobile/embedded systems without an extensive background in testing, the book brings together testing ideas, techniques, and solutions that are immediately applicable to testing smart and mobile devices.

Exploiting Software

How to Break Code
Author: Greg Hoglund, Gary McGraw
Publisher: Addison-Wesley Professional
ISBN: 9780201786958
Category: Computers
Page: 471
A guide to secure software covers such topics as rootkits, buffer overflows, reverse engineering tools, and locating bugs.

How Google Tests Software


Author: James A. Whittaker, Jason Arbon, Jeff Carollo
Publisher: Addison-Wesley
ISBN: 0132851555
Category: Computers
Page: 272
2012 Jolt Award finalist!
Pioneering the Future of Software Test
Do you need to get it right, too? Then, learn from Google. Legendary testing expert James Whittaker, until recently a Google testing leader, and two top Google experts reveal exactly how Google tests software, offering brand-new best practices you can use even if you’re not quite Google’s size…yet!
Breakthrough Techniques You Can Actually Use
Discover 100% practical, amazingly scalable techniques for analyzing risk and planning tests…thinking like real users…implementing exploratory, black box, white box, and acceptance testing…getting usable feedback…tracking issues…choosing and creating tools…testing “Docs & Mocks,” interfaces, classes, modules, libraries, binaries, services, and infrastructure…reviewing code and refactoring…using test hooks, presubmit scripts, queues, continuous builds, and more. With these techniques, you can transform testing from a bottleneck into an accelerator–and make your whole organization more productive!

How We Test Software at Microsoft


Author: Alan Page, Ken Johnston, Bj Rollison
Publisher: Microsoft Press
ISBN: 0735638314
Category: Computers
Page: 448
It may surprise you to learn that Microsoft employs as many software testers as developers. Less surprising is the emphasis the company places on the testing discipline—and its role in managing quality across a diverse, 150+ product portfolio. This book—written by three of Microsoft’s most prominent test professionals—shares the best practices, tools, and systems used by the company’s 9,000-strong corps of testers. Learn how your colleagues at Microsoft design and manage testing, their approach to training and career development, and what challenges they see ahead. Most important, you’ll get practical insights you can apply for better results in your organization. Discover how to:
• Design effective tests and run them throughout the product lifecycle
• Minimize cost and risk with functional tests, and know when to apply structural techniques
• Measure code complexity to identify bugs and potential maintenance issues
• Use models to generate test cases, surface unexpected application behavior, and manage risk
• Know when to employ automated tests, design them for long-term use, and plug into an automation infrastructure
• Review the hallmarks of great testers—and the tools they use to run tests, probe systems, and track progress efficiently
• Explore the challenges of testing services vs. shrink-wrapped software

Explore It!

Reduce Risk and Increase Confidence with Exploratory Testing
Author: Elisabeth Hendrickson
Publisher: Pragmatic Bookshelf
ISBN: 1680503502
Category: Computers
Page: 160
Uncover surprises, risks, and potentially serious bugs with exploratory testing. Rather than designing all tests in advance, explorers design and execute small, rapid experiments, using what they learned from the last little experiment to inform the next. Learn essential skills of a master explorer, including how to analyze software to discover key points of vulnerability, how to design experiments on the fly, how to hone your observation skills, and how to focus your efforts. Software is full of surprises. No matter how careful or skilled you are, when you create software it can behave differently than you intended. Exploratory testing mitigates those risks. Part 1 introduces the core, essential skills of a master explorer. You'll learn to craft charters to guide your exploration, to observe what's really happening (hint: it's harder than it sounds), to identify interesting variations, and to determine what expected behavior should be when exercising software in unexpected ways. Part 2 builds on that foundation. You'll learn how to explore by varying interactions, sequences, data, timing, and configurations. Along the way you'll see how to incorporate analysis techniques like state modeling, data modeling, and defining context diagrams into your explorer's arsenal. Part 3 brings the techniques back into the context of a software project. You'll apply the skills and techniques in a variety of contexts and integrate exploration into the development cycle from the very beginning. You can apply the techniques in this book to any kind of software. Whether you work on embedded systems, Web applications, desktop applications, APIs, or something else, you'll find this book contains a wealth of concrete and practical advice about exploring your software to discover its capabilities, limitations, and risks.

Secure Programming with Static Analysis


Author: Brian Chess, Jacob West
Publisher: Pearson Education
ISBN: 9780132702027
Category: Computers
Page: 624
The First Expert Guide to Static Analysis for Software Security! Creating secure code requires more than just good intentions. Programmers need to know that their code will be safe in an almost infinite number of scenarios and configurations. Static source code analysis gives users the ability to review their work with a fine-toothed comb and uncover the kinds of errors that lead directly to security vulnerabilities. Now, there’s a complete guide to static analysis: how it works, how to integrate it into the software development processes, and how to make the most of it during security code review. Static analysis experts Brian Chess and Jacob West look at the most common types of security defects that occur today. They illustrate main points using Java and C code examples taken from real-world security incidents, showing how coding errors are exploited, how they could have been prevented, and how static analysis can rapidly uncover similar mistakes. This book is for everyone concerned with building more secure software: developers, security engineers, analysts, and testers.

Sleeping with Your Smartphone

How to Break the 24/7 Habit and Change the Way You Work
Author: Leslie A. Perlow
Publisher: Harvard Business Press
ISBN: 1422144046
Category: Business & Economics
Page: 274
Argues that monitoring one's electronic business communication 24/7 is actually counterproductive and offers a plan for companies to take time to "disconnect" in order to boost their productivity.

How to Break Up with Your Phone

The 30-Day Plan to Take Back Your Life
Author: Catherine Price
Publisher: Ten Speed Press
ISBN: 0399581138
Category: Self-Help
Page: 192
Packed with tested strategies and practical tips, this book is the essential, life-changing guide for everyone who owns a smartphone. Is your phone the first thing you reach for in the morning and the last thing you touch before bed? Do you frequently pick it up “just to check,” only to look up forty-five minutes later wondering where the time has gone? Do you say you want to spend less time on your phone—but have no idea how to do so without giving it up completely? If so, this book is your solution. Award-winning journalist Catherine Price presents a practical, hands-on plan to break up—and then make up—with your phone. The goal? A long-term relationship that actually feels good. You’ll discover how phones and apps are designed to be addictive, and learn how the time we spend on them damages our abilities to focus, think deeply, and form new memories. You’ll then make customized changes to your settings, apps, environment, and mindset that will ultimately enable you to take back control of your life.

How to Break Into Pharmaceutical Sales

A Headhunter's Strategy
Author: Tom Ruff
Publisher: Tom Ruff Company
ISBN: 0978607015
Category: Business & Economics
Page: 240
Today, more and more candidates are competing for positions in the rewarding and lucrative field of pharmaceutical sales. In his down-to-earth and practical style, top headhunter Tom Ruff shares secrets he's gathered over sixteen years of grooming and placing top talent with more than one hundred of the country's top pharmaceutical companies.

How To Break Bad News

A Guide for Health Care Professionals
Author: Robert Buckman
Publisher: University of Toronto Press
ISBN: 1487592639
Category: Medical
Page: 223
For many health care professionals and social service providers, the hardest part of the job is breaking bad news. The news may be about a condition that is life-threatening (such as cancer or AIDS), disabling (such as multiple sclerosis or rheumatoid arthritis), or embarrassing (such as genital herpes). To date medical education has done little to train practitioners in coping with such situations. With this guide Robert Buckman and Yvonne Kason provide help. Using plain, intelligible language they outline the basic principles of breaking bad news and present a technique, or protocol, that can be easily learned. It draws on listening and interviewing skills that consider such factors as how much the patient knows and/or wants to know, how to identify the patient's agenda and understanding, and how to respond to his or her feelings about the information. They also discuss reactions of family and friends and of other members of the health care team. Based on Buckman's award-winning training videos and Kason's courses on interviewing skills for medical students, this volume is an indispensable aid for doctors, nurses, psychotherapists, social workers, and all those in related fields.

How Software Works

The Magic Behind Encryption, CGI, Search Engines, and Other Everyday Technologies
Author: V. Anton Spraul
Publisher: No Starch Press
ISBN: 1593277172
Category: Computers
Page: 216
We use software every day to perform all kinds of magical, powerful tasks. It's the force behind stunning CGI graphics, safe online shopping, and speedy Google searches. Software drives the modern world, but its inner workings remain a mystery to many. How Software Works explains how computers perform common-yet-amazing tasks that we take for granted every day. Inside you'll learn:
–How data is encrypted
–How passwords are used and protected
–How computer graphics are created
–How video is compressed for streaming and storage
–How data is searched (and found) in huge databases
–How programs can work together on the same problem without conflict
–How data travels over the Internet
How Software Works breaks down these processes with patient explanations and intuitive diagrams so that anyone can understand—no technical background is required, and you won't be reading through any code. In plain English, you'll examine the intricate logic behind the technologies you constantly use but never understood. If you've ever wondered what really goes on behind your computer screen, How Software Works will give you a fascinating look into the software all around you.

A Practitioner's Guide to Software Test Design


Author: Lee Copeland
Publisher: Artech House
ISBN: 9781580537322
Category: Computers
Page: 274
Here's a comprehensive, up-to-date and practical introduction to software test design. This invaluable book presents all the important test design techniques in a single place and in a consistent and easy-to-digest format. An immediately useful handbook for test engineers, developers, quality assurance professionals, and requirements and systems analysts, it enables you to: choose the best test case design, find software defects in less time and with fewer resources, and develop optimal strategies that help reduce the likelihood of costly errors. It also assists you in estimating the effort, time and cost of good testing.

The Way of the Web Tester

A Beginner's Guide to Automating Tests
Author: Jonathan Rasmusson
Publisher: Pragmatic Bookshelf
ISBN: 1680505149
Category: Computers
Page: 258
This book is for everyone who needs to test the web. As a tester, you'll automate your tests. As a developer, you'll build more robust solutions. And as a team, you'll gain a vocabulary and a means to coordinate how to write and organize automated tests for the web. Follow the testing pyramid and level up your skills in user interface testing, integration testing, and unit testing. Your new skills will free you up to do other, more important things while letting the computer do the one thing it's really good at: quickly running thousands of repetitive tasks. This book shows you how to do three things:
* How to write really good automated tests for the web.
* How to pick and choose the right ones.
* How to explain, coordinate, and share your efforts with others.
If you're a traditional software tester who has never written an automated test before, this is the perfect book for getting started. Together, we'll go through everything you'll need to start writing your own tests. If you're a developer, but haven't thought much about testing, this book will show you how to move fast without breaking stuff. You'll test RESTful web services and legacy systems, and see how to organize your tests. And if you're a team lead, this is the Rosetta Stone you've been looking for. This book will help you bridge that testing gap between your developers and your testers by giving your team a model to discuss automated testing, and most importantly, to coordinate their efforts. The Way of the Web Tester is packed with cartoons, graphics, best practices, war stories, plenty of humor, and hands-on tutorial exercises that will get you doing the right things, the right way.