Security Testing

First, a must-read article: Anatomy Of A Break-In by Ira Winkler. What an incredible experience report.

Second, I've been reading Security in Computing, 3rd Edition by Pfleeger and Pfleeger. I'm reading this text for a class. In general, I hate textbooks. I think they tend to say in 700 pages what a good author can say in 200 pages. I'm pleased to say that (for the most part) I find this one well written, challenging, and informative.

It's got some great overview material, some great taxonomies for security, and some great explanations of the mathematics behind encryption, along with practical examples. It's a little dated (you can tell it's a third edition), but it does contain most large recent events in security.

The chapter titled Program Security is available online. This chapter is fairly representative of the rest of the book, but it doesn't have any of the cool math (that's in the chapters on encryption). While reading this chapter, I started thinking about the errors and how I would test for them.

That leads me to one of the next articles I want to write. I've written one article on security testing with open source tools and I would like to write another one. I was thinking about using the Program Security chapter as an outline.

I would like to make an official call for interest in co-authoring something like this. I would like to write using real examples (change the names to protect the guilty and all that) and hopefully show how to do the testing with open source tools. I don't really care how many co-authors we have, I just want it to be good (I think my other article is ok, but real examples are always better).

If you would like to co-author something like this, or you just want to contribute a real experience, drop me a line.