This is a new security book from MSPress that focuses on security testing. I read some of the chapters a few weeks ago, and it's wonderful to add a testing perspective to the world of security. A great deal has been written about security and code quality, but virtually nothing about security testing, and certainly nothing as complete as this book; the authors, Bryan Jeffries, Lawrence Landauer and Tom Gallagher have done a wonderful job.

Chapter Listing:

• General Approach to Security Testing
• Using Threat Models for Security Testing
• Finding Entry Points
• Becoming a Malicious Client
• Becoming a Malicious Server
• Spoofing
• Information Disclosure
• Buffer Overruns and Stack and Heap Manipulation
• Format String Attacks
• HTML Scripting Attacks
• XML Issues
• Canonicalization Issues
• Finding Weak Permissions
• Denial of Service Attacks
• Managed Code Issues
• SQL Injection
• Observation & Reverse Engineering
• ActiveX Repurposing
• Additional Repurposing Attacks
• Reporting Security Bugs

Appendix A: Tools of the Trade

Appendix B: Security Test Case Cheat Sheet

More info about the book is here.