chapter 1 Introduction -- chapter 2 Security Vocabulary -- chapter 3 Software Testing and Changes in the Security Landscape -- chapter 4 All Trust Is Misplaced -- chapter 5 Security Testing Considerations -- chapter 6 Threat Modeling and Risk Assessment Processes -- chapter 7 Personas and Testing -- chapter 8 Security Test Planning -- chapter 9 Sample Security Considerations -- chapter 10 Vulnerability Case Study: Brute Force Browsing -- chapter 11 Vulnerability Case Study: Buffer Overruns -- chapter 12 Vulnerability Case Study: Cookie Tampering -- chapter 13 Vulnerability Case Study: Cross-Site Scripting (XSS) -- chapter 14 Vulnerability Case Study: Denial of Service/Distributed Denial of Service -- chapter 15 Vulnerability Case Study: Format String Vulnerabilities -- chapter 16 Vulnerability Case Study: Integer Overflows and Underflows -- chapter 17 Vulnerability Case Study: Man-in-the-Middle Attacks -- chapter 18 Vulnerability Case Study: Password Cracking -- chapter 19 Vulnerability Case Study: Session Hijacking -- chapter 20 Vulnerability Case Study: Spoofing Attacks -- chapter 21 Vulnerability Case Study: SQL Injection -- chapter 22 Fuzz Testing -- chapter 23 Background: Cryptography -- chapter 24 Background: Firewalls -- chapter 25 Background:OSI Network Model -- chapter 26 Background: Proxy Servers -- chapter 27 Background: TCP/IP and Other Networking Protocols -- chapter 28 Background: Test Case Outlining (TCO).