STARWEST 2003: How To Break Software Security
We have all experienced the "thrill" of functional testing, going through requirements and then crafting test cases to ensure that the application behaves according to specifications. While this method has its place, it misses many classes of bugs, especially security bugs. For example, security bugs can manifest as extra functionality that may not violate requirements directly, but still expose catastrophic holes in software. Based on strategies that have successfully broken some of the world's most secure applications, Herbert Thompson presents the tools and techniques you need to find security problems before your application is released. Learn the security attacks and tools to uncover security vulnerabilities before hackers discover them for you.