The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities

Index

[SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Y] [Z]

ASP (Active Server Pages)

Abstract Syntax Notation (ASN.1) [See ASN.1 (Abstract Syntax Notation).]

Abstraction, software design

ACC (allocation-check-copy) logs

     auditing

     data assumptions

     order of action

     unanticipated conditions

Accept header field (HTTP)

Accept-Charset header field (HTTP)

Accept-Encoding header field (HTTP)

Accept-Language header field (HTTP)

Accept-Ranges header field (HTTP)

access control

     ASP.NET

     DCOM (Distributed Component Object Model)

     vulnerabilities

access control entries (ACEs) [See ACEs (access control entries).]

access control policy

access masks, Windows NT, security descriptors

access tokens, Windows NT sessions

     contexts

     group lists

     impersonation

     privileges

     restricted tokens

     SAFER (Software Restriction Policies) API

access( ) function

accountability, common vulnerabilities

accuracy, software design

ACEs (access control entries)

     flags

     orders

ACFs (application configuration files), RPCs (Remote Procedure Calls)

ACLs (access control lists)

     low-level ACL control

     permissions, auditing

     Windows NT, inheritance

activation records, runtime stack

activation, DCOM objects

active FTP

Active Server Pages (ASP) [See ASP (Active Server Pages).]

ActiveX controls 2nd

     COM (Component Object Model), security

     kill bit

     signing

     site-restricted controls

     threading

ActiveX Data Objects (ADO)

address space layout randomization (ASLR) [See ASLR (address space layout randomization).]

addresses

     IP addresses

         maintaining state with

     subnet addresses

AdjustTokenGroups( ) function

AdjustTokenPrivileges( ) function

ADO (ActiveX Data Objects)

ADT (abstract data type), stacks

Age header field (HTTP)

Aitel, Dave

AIX

AJAX (Asynchronous JavaScript and XML)

algorithms

     analyzing, CC (code comprehension)

     encryption

         block ciphers

         common vulnerabilities

         exchange algorithms

         IV (initialization vector)

         stream ciphers

     hashing algorithms

     software design

alloc( ) function

allocating 0 bytes

allocation functions, auditing

allocation-check-copy (ACC) logs [See ACC (allocation-check-copy) logs.]

allocator scorecards

Allocator with Header Data Structure listing (7-39)

Allocator-Rounding Vulnerability listing (7-38)

Allow header field (HTTP)

Allowed header field (HTTP)

analysis phase, code review 2nd

     findings summary

analyzing

     algorithms, CC (code comprehension)

     classes, CC (code comprehension)

     modules, CC (code comprehension)

     objects, CC (code comprehension)

Anderson, J.S.

anonymous pipes, Windows NT

antimalware applications

antisniff tool, vulnerabilities

Antisniff v1.0 Vulnerability listing (6-8)

Antisniff v1.1 Vulnerability listing (6-9)

Antisniff v1.1.1 Vulnerability listing (6-10)

Antisniff v1.1.2 Vulnerability listing (6-11)

Apache 1.3.29/2.X mod_rewrite Off-by-one Vulnerability listing (7-19)

Apache API

Apache mod_dav CDATA Parsing Vulnerability listing (7-1)

Apache mod_php Nonterminating Buffer Vulnerability listing (7-18)

Apache, Struts framework

APCs (asynchronous procedure calls)

APIs (application programming interfaces)

     Apache API

     ISAPI (Internet Server Application Programming Interface)

     NSAPI (Netscape Server Application Programming Interface)

Appel, Andrew W.

AppID keys

application access, categories

application architecture modeling

application identity, DCOM (Distributed Component Object Model)

application IDs, COM (Component Object Model)

application layer, network segmentation

application manifests

application protocols

     ASN.1 (Abstract Syntax Notation)

         BER (Basic Encoding Rules)

         CER (Canonical Encoding Rules)

         DER (Distinguished Encoding Rules) 2nd

         PER (Packed Encoding Rules)

         XER (XML Encoding Rules)

     auditing

         data type matching

         data verification

         documentation collection

         identifying elements

         system resource access

     DNS (Domain Name System) 2nd

         headers

         length variables

         name servers

         names

         packets

         question structure

         request traffic

         resolvers

         resource records 2nd 3rd

         spoofing

         zones

     HTTP (Hypertext Transfer Protocol)

         header parsing

         posting data

         resource access

         utility functions

     ISAKMP (Internet Security Association and Key Management Protocol)

         encryption vulnerabilities

         headers

         payloads

application review

     application review phase 2nd 3rd

         bottom-up approach

         hybrid approach

         iterative process

         peer reviews

         planning

         reevaluation

         status checks

         top-down approach

         working papers

     code auditing 2nd 3rd

         binary navigation tools

         CC (code comprehension) strategies

         CP (candidate point) strategies 2nd

         debuggers

         dependency analysis

         desk checking

         DG (design generalization) strategies 2nd

         fuzz testing tools

         internal flow analysis

         OpenSSH case study

         rereading code

         scorecard

         source code navigators

         subsystem analysis

         test cases

     code navigation

         external flow sensitivity

         tracing

     documentation and analysis phase 2nd

         findings summary

     preassessment phase

         application access

         information collection

         scoping

     process outline

     remediation support phase 2nd

application-specific CPs (candidate points)

applications

     attack surfaces

     COM (Component Object Model) applications, registration

     DCOM (Distributed Component Object Model) applications, auditing

     reverse-engineering applications

     RPC (Remote Procedure Call) applications, auditing

     Web applications [See Web applications, access control.]

Applied Cryptography

appSettings section, ASP.NET

apr_palloc( ) function

arbitrary file accesses, junction points

argument promotions

arguments, functions, auditing

arithmetic

     C programming language

         arithmetic boundary conditions

         signed integer boundaries

         unsigned integer boundaries

     modular arithmetic

     pointers

arithmetic boundaries, variables, auditing

arithmetic boundary conditions, C programming language

     numeric overflow conditions

     numeric underflow conditions

     numeric wrapping

     signed integers

     unsigned integers

arithmetic shift

Arithmetic Vulnerability Example in the Parent Function listing (7-10)

Arithmetic Vulnerability Example listing (7-9)

ASLR (address space layout randomization)

     operational vulnerabilities, preventing

ASN.1 (Abstract Syntax Notation)

     BER (Basic Encoding Rules)

     CER (Canonical Encoding Rules)

     DER (Distinguished Encoding Rules) 2nd

     PER (Packed Encoding Rules)

     XER (XML Encoding Rules)

ASP (Active Server Pages)

     configuration settings

     cross-site scripting

     file access

     file inclusion

     inline evaluation

     shell invocation

     SQL injection queries

ASP.NET

     configuration settings

     cross-site scripting

     file access

     file inclusion

     inline evaluation

     shell invocation

     SQL injection queries

assessments

     applications

     code

         application review phase 2nd

         code auditing

         code navigation

         documentation and analysis phase 2nd

         preassessment phase

         process outline

         remediation support phase 2nd

assets, information collection

assignment operators, C programming language, type conversions

asymmetric encryption

Asynchronous JavaScript and XML (AJAX)

asynchronous procedure calls (APCs) [See APCs (asynchronous procedure calls).]

asynchronous-safe code, reentrancy

asynchronous-safe function, signals 2nd 3rd

ATL (Active Template Library), DCOM (Distributed Component Object Model)

atomicity

attack surfaces

     applications

     firewalls

attack trees

attack vectors, high-level attack vectors, OpenSSH

attacks

     attack surfaces, applications

     attack trees

     bait-and-switch attacks

     blind data injection attacks

     blind reset attacks

     cryogenic sleep attacks

     DoS (denial of service) attacks

         name validation

     environmental attacks

     exceptional conditions

     homographic attacks

     node types

     second-order injection attacks

     shatter attacks

     SEH (structured exception handling) attacks

     SMB relay attacks

     spoofing attacks

         DNS (Domain Name System)

         firewalls

     terminal attacks

attributes

     objects, uninitialized attributes

     UNIX processes

         file descriptors

         resource limits

         retention

audit logs, function audit logs

auditing

     application protocols

         data type matching

         data verification

         documentation collection

         identifying elements

         system resource access

     black box testing, compared

     code 2nd 3rd

         binary navigation tools

         CC (code comprehension) strategies

         CP (candidate point) strategies 2nd

         debuggers

         dependency analysis

         desk checking

         DG (design generalization) strategies 2nd

         fuzz testing tools

         internal flow analysis

         OpenSSH case study

         rereading code

         scorecard

         SDLC (Systems Development Life Cycle)

         source code navigators

         subsystem analysis

         test cases

     code-editing situations

     COM (Component Object Model) applications, interfaces

     control flow

         flow transfer statements

         looping constructs

         switch statements

     DCOM (Distributed Component Object Model) applications

     file opens, Windows NT

     functions

         argument meaning

         audit logs

         return value testing

         side-effects 2nd

     hidden fields

     importance of 2nd

     memory management

         ACC (allocation-check-copy) logs

         allocation functions

         allocator scorecards

         double-frees

         error domains

     permissions, ACLs

     RPC applications

     running code

     UNIX privileges, management code

     variables

         arithmetic boundaries

         initialization

         lists

         object management

         relationships

         structure management

         tables

         type confusion

     Web applications

         activities to isolate

         avoiding assumptions

         black box testing

         enumerating functionality

         goals

         multiple approaches

         reverse-engineering

         testing and experimentation

AUTH_TYPE (environment variable)

authenticate( ) function

authentication

     common vulnerabilities

         insufficient validation

         untrustworthy credentials

     HTTP authentication 2nd

     RPC servers

     RPCs (Remote Procedure Calls), UNIX

     Web-based applications

authentication files, OpenSSH

authorization 2nd

     ASP.NET

     common vulnerabilities

Authorization header field (HTTP)

automated source analysis tools, code audits, CP (candidate point) strategy

automatic threat modeling

automation objects, COM (Component Object Model)

     fuzz testing

automation servers

availability

     common vulnerabilities

     expectations of
