Secure Coding[c] Principles and Practices 2003

capability cube  

case studies

       802.11 wireless LAN security design errors  

       Access Control Executive (ACE)  

       AusCERT overflow wrapper  

       automation and testing  

       CGI phonebook program flaw  

       Code Red worm  

       customer portal design  

       due diligence review from hell  

       faulty telephone switch  

       file parsing vulnerability  

       full service network review  

       Java sandbox  

       legacy application review  

       misuse of white noise source  

       mouse driver security  

       operations  

       Postfix mail transfer agent  

       privilege compartmentalization flaw  

       Sendmail restricted shell  

       TCP Wrappers  

castle and moat mentality  

CERT Survivability Project  

CERT/CC  

CGI phonebook program flaw, case study  

checklists   2nd   3rd   4th  

       automated for security implementation  

       recommended use of  

checks and balances  

chesstool  

Christiansen, Tom  

chroot  

       jail   2nd  

code

       obsolete  

       testing  

code maintenance  

Code Red worm, case study  

command-line parameters  

common sense and security architecture  

commons, tragedy of  

compartmentalization  

compartmentalized environment, installing  

complexity as a factor in secure coding  

Computer Emergency Response Team Coordination Center (CERT/CC)  

configuration files  

configurations

       managing  

       testing  

contract workers  

cost of fixing bugs  

costs versus benefits in security design  

Cowan, Crispin  

cracking programs  

CRC-32 checksum cryptographic errors  

currency, maintaining  

customer portal design, case study