Testing for Security
Links from the class materials and other supplemental information, grouped by chapter:
Chapter 1: Introduction
Additional links (not from the course text) or software needed for the chapter:
Chapter 2: Security Testing Introduction
Links from the text:
Chapter 3: Risk-based Testing
Links from the text:
Chapter 4: Input Validation Vulnerabilities
Links from the text:
Chapter 5: Fuzz testing (fuzzing)
Links from the text:
Chapter 6: Injection vulnerabilities
Links from the text:
Chapter 7: Static code analysis
Links from the text:
Chapter 8: Testing resource management
Chapter 9: Dynamic analysis
Links from the text:
Chapter 10: Complete and correct error handling
Links from the text:
Chapter 11: Output validation
Links from the text:
Chapter 12: Feature interactions
Links from the text:
Chapter 13: Data Security Testing
Links from the text:
Chapter 14: Insecure Communication
Links from the text:
Chapter 15: Authentication and Authorization Errors
Links from the text:
Chapter 16: Debugging with gdb
Links from the text:
Chapter 17: More debugging with gdb
Links from the text:
Chapter 18: Attacking Web Applications
Links from the text:
Additional links (not from the course text) or software needed for the chapter. These are the tool versions the course was written against; Paros and WebScarab have since been discontinued (OWASP ZAP began as a fork of Paros), so use current releases of Burp Suite, ZAP and nikto when testing anything outside the WebGoat lab environment:
nikto-2.02.tar.gz
web-developer-1.1.6.xpi
burpsuite_v1.1.zip
paros-3.2.13-unix.zip
paros-3.2.13-win.dat
paros-3.2.13-win.exe
paros-3.2.13-src.zip
paros_user_guide.pdf
WebGoat-OWASP_Standard-5.1.zip (for Linux and Windows)
webgoat-5.1.sh (startup file for Linux)
webscarab-installer-20070504-1631.jar
webscarab-selfcontained-20070504-1631.jar
webscarab-src-20070504-1631.zip
switchproxy_tool-1.4.1-fx+mz+tb.xpi
tamper_data-10.0.4-fx.xpi
Examples from the class notes (or all as one file).
Selected solutions from the class notes (no looking until you have solved the problems!). Note that all solutions are in an appendix of your course book.
All solutions in a compressed tar file.
Evaluation form (if needed)