1. Case your own joint : a paradigm shift from traditional software testing -- 2. How vulnerabilities get into all software -- 3. The secure software development lifecycle -- 4. Risk-based security testing : prioritizing security testing with threat modeling -- 5. Shades of analysis : white, gray, and black box testing -- 6. Generic network fault injection -- 7. Web applications : session attacks -- 8. Web applications : common issues -- 9. Web proxies : using WebScarab -- 10. Implementing a custom fuzz utility -- 11. Local fault injection -- 12. Determining exploitability