Press Releases
APPLICATION SECURITY EXPERTS AUTHOR THIRD
HOW TO… BOOK
HOW TO BREAK WEB SOFTWARE
One-Stop-Shop for Functional and Security Testing of Web
Applications and Web Services
RSA Conference 2006─SAN JOSE, Calif.―February 14, 2006
- By the author who gave you How to Break Software (Addition-Wesley,
2002) and How to Break Software Security (Addison-Wesley, 2003),
comes another in the How to line of books designed to help software
teams determine software vulnerabilities in applications. James
Whittaker, Ph.D., founder of Security Innovation, has now penned a
third book titled, How to Break Web Software (Addison-Wesley, 2006)
with Mike Andrews, Ph.D., consultant with Foundstone.
This book offers a hands-on approach by pointing the tester toward
specific attacks to try on their application to test its defenses.
Readers will look at classic examples of malicious input, ways of
bypassing validation and authorization checks, as well as problems
inherited from certain configurations/languages/ architectures—all
in a simple format that will show where to look for the problem, how
to test for the problem and advice on methods of mitigation.
How to Break Web Software: Functional and Security Testing of Web
Applications and Web Services, ISBN: 032129431 by James Whittaker
and Mike Andrews, is available at retail books stores and online
booksellers. List price $34.99 USD. For more information and to read
a chapter excerpt entitled, “State-based Attacks,” visit the
official book page at
http://www.awprofessional.com/bookstore/product.asp?isbn=0321369440&rl=1
“The overwhelming request from our readers has been on the subject
of Web applications. It seems many testers find they are working in
this area and are facing the prospect of testing applications that
employ applications’ specialized protocols and languages that exist
on the World Wide Web,” said Dr. Whittaker. “Although many of the
tests from the other “How to…” books are relevant in this
environment, applications hosted on the Internet do suffer from some
unique problems. This book tackles those problems in the same spirit
of its predecessors with a decided slant toward security issues in
Web applications.”
The focus of How to Break Web Software is how to test Web
applications for common failures that can lead to exploitation. It
contains information about how not to architect and code a Web
application. The intended audience for the book is software
developers, testers, managers, and quality assurance professionals
to help put the hackers out of business. The authors want to guide
testers toward areas of the application that are prone to problems
and methods of rooting them out.
About the Authors
Mike Andrews, Ph.D. is a senior consultant at Foundstone who
specializes in software security and leads the Web application
security assessments and Ultimate Web Hacking classes. He brings
with him a wealth of commercial and educational experience from both
sides of the Atlantic and is a widely published author and speaker.
Before joining Foundstone, Dr. Andrews was a freelance consultant
and developer of Web-based information systems, working with clients
such as The Economist, the London transport authority, and various
United Kingdom universities. In 2002, after being an instructor and
researcher for a number of years, Dr. Andrews joined the Florida
Institute of Technology as an assistant professor, where he was
responsible for research projects and independent security reviews
for the Office of Naval Research, Air Force Research Labs, and
Microsoft Corporation. Dr. Andrews holds a Ph.D. in computer science
from the University of Kent at Canterbury in the United Kingdom,
where his focus was on debugging tools and programmer psychology.
James A. Whittaker is a professor of computer science at the Florida
Institute of Technology (Florida Tech) and is founder of Security
Innovation, the authority on application security and leading
independent provider of assessment and training services. His
research interests are software testing, software security, software
vulnerability testing, and anti-cyber warfare technology. James is
the author of How to Break Software (Addison-Wesley, 2002) and
coauthor (with Herbert Thompson, Ph.D.) of How to Break Software
Security (Addison-Wesley, 2003), and more than fifty peer-reviewed
papers on software development and computer security. Dr. Whittaker
holds patents on various inventions in software testing and
defensive security applications and has attracted millions in
funding, sponsorship, and license agreements while a professor at
Florida Tech. He has also served as a testing and security
consultant for Microsoft, IBM, Rational, and many other United
States companies.
In 2001, Dr. Whittaker was appointed to Microsoft’s Trustworthy
ComputingAcademic Advisory Board and was named a “Top Scholar” by
the editors of the Journal of Systems and Software, based on his
research publications in software engineering. His research team at
Florida Tech is known for its testing technologies and tools, which
include the highly acclaimed runtime fault injection tool Holodeck.
His research group is also well known for their development of
exploits against software security, including cracking encryption,
passwords and infiltrating protected networks via novel attacks
against software defenses. Dr. Whittaker earned his Ph.D. in
computer science from the University of Tennessee.
About Addison-Wesley
Addison-Wesley is the leading publisher of high-quality and timely
information for programmers, developers, and system administrators.
The Company's mission is to provide educational materials concerning
new technologies and new approaches to current technologies written
by leading authorities. Addison-Wesley is a division of Pearson
Education, the global leader in integrated education publishing.
Pearson Education is part of Pearson plc (NYSE: PSO), the
international media company. Visit us at www.awprofessional.com.
Contacts:
Davida Dinerman/Tom Bain
Schwartz Communications, Inc.
(781) 684-0770
sisecure@schwartz-pr.com
