How to Break Software Security by James A. Whittaker

by James A. Whittaker

Practical tutorial on how to actually do testing by presenting numerous "attacks" you can perform to test your software for bugs. Practical approach has little or no theory, but shows real ways effectively test software—accessible to beginners and seasoned testers. The author is well known and respected as an industry consultant and speaker. Uses market leading, and immediately identifiable, software applications as examples to show bugs and techniques. How to Break Software is a departure from conventional testing in which testers prepare a written test plan and then use it as a script when testing the software. The testing techniques in this book are as flexible as conventional testing is rigid. And flexibility is needed in software projects in which requirements can change, bugs can become features and schedule pressures often force plans to be reassessed. Software testing is not such an exact science that one can determine what to test in advance and then execute the plan and be done with it. Instead of a plan, intelligence, insight, experience and a "nose for where the bugs are hiding" should guide testers. This book helps testers develop this insight. The techniques presented in this book not only allow testers to go off-script, they encourage them to do so. Don't blindly follow a document that may be out of date and that was written before the product was even testable. Instead, use your head! Open your eyes! Think a little, test a little and then think a little more. This book does teach planning, but in an "on- the-fly while you are testing" way. It also encourages automation with many repetitive and complex tasks that require good tools (one such tool is shipped with this book on the companion CD). However, tools are never used as a replacement for intelligence. Testers do the thinking and use tools to collect data and help them explore applications more efficiently and effectively.James A. Whittaker is a well-known speaker and consultant, as well as seasoned professor.

Genres: Technology, Computer Science, Nonfiction, Programming, Reference, Technical

Paperback

First published May 19, 2002

Reviews

[Curry Eh]

I don't know yet.

[Kevin Godinho · Rating 3 out of 5]

Good book on testing software. Bad news is, it's a book on testing software. Rather boring.

[Ethan Harvey · Rating 3 out of 5]

Dated but again useful enough to gain context and refresh existing ideas.

[Thom · Rating 5 out of 5]

Essential reading for anyone in QA or software testing, James Whittaker outlines a model for strategic, iterative testing that dispenses with throwing levers in the dark in favor of measurable results.

[Carlos Mueses · Rating 4 out of 5]

This book is a bit old, back James still liked testing lol (unlike on "How Google tests Software"). But even with some outdated references there's value on the teachings and more than anything on the mindset it leaves you with. I feel like I wont look at an application the same after reading this and that's a great feeling indeed.

[Doron · Rating 2 out of 5]

I think the book has interesting information. Even today there aren’t many books that are so detailed about finding bugs. However today you can find cheat-sheets and heuristics in abundance on the internet. The book is outdated, and there are many other books and articles on the internet I would recommend to read before this one.
Book review list: https://www.testerschoice.pro/book-re...

[Wayne · Rating 2 out of 5]

Very high level intro in to the field of security testing. If you are new to the field then there may be some stuff to gain from the book, but it is too high level and introductory if you've even dabbled a little with the subject before.

[Dustin · Rating 5 out of 5]

I read this the first weekend after I got hired as a software tester and James Whittaker is a rockstar. Not only does he lay out a detailed methodology about how to test software, he also manages to make it an entertaining read. If you do any kind of work with software, I recommend it.

[Kevin Connery · Rating 4 out of 5]

Approaches testing from a different set of fundamentals. It's not a risk-based approach in the user or business sense, but it does deal well with code-based risks. Found some new insights. Highly recommended.

[Jorge · Rating 4 out of 5]

A rather old book by tech standards but full of practical testing advise still aplicable today. The recap list of testing strategies at the end of each chapter is a good cheatsheet to keep around.

It's a shame that is not available in digital format.

[Amanda · Rating 4 out of 5]

I *heart* James Whitaker's presentations. The content of the book was decent but mostly common sense...the appendix section was the most helpful/interesting.

[J.A. Simmons V · Rating 4 out of 5]

Just for the CD alone is a useful tool for desktop software testing.

[Ardyth · Rating 4 out of 5]

great, very efficient approach especially for UI testing.

[Antonina Burlachenko · Rating 5 out of 5]

You won't become a hacker after reading it, but I liked how it's structured and it inspired me to dig further into penetration testing.