Finding security flaws is now a fundamental development task, yet there has not been adequate documentation of the process used to find security bugs—until now. Before the Internet, computers were deployed in trusted environments and software development and testing practices emphasized functionality over security. As networking technologies emerged, though, times changed and people began to connect their computers together, instead of deploying in silos. However, development and testing practices did not account for attacks that could be mounted over networks.
Key Book Benefits:

Delivers practical, hands-oguidance on security bugs, how to find them, and how to help prevent them

Provides specific, actionable technical details about security testing

Covers these subjects, among others:

- The thought process behind security testing

- Research and experience on how to find security bugs

- How to classify the bugs you’ve found

- What to do when you’ve found a bug

- How to tell if a bug is serious and whether it is a security bug

- Use of source code to help in security testing

- Ways to spot security design flaws