The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities

Index


EBP (extended base pointer)

edit( ) function

EDITOR environment variable (UNIX)

effective groups, UNIX 2nd

effective users, UNIX 2nd

EH (exception handling)

Einstein, Albert

elements, lists, duplicate elements

Embedded Delimiter Example listing (8-8)

embedded delimiters, metacharacters

embedded path information (HTTP)

embedding state in HTML and URLs

Empty List Vulnerabilities listing (7-12)

empty lists, vulnerabilities

encapsulation, packets

EncodePointer( ) function

EncodeSystemPointer( ) function

encoding

     entities

     HTML encoding

     multiple encoding layers

     parameters

     UTF-16 encoding

     UTF-8 encoding

     XML encoding

encryption 2nd

     algorithms

     asymmetric encryption

     block ciphers

     common vulnerabilities

     Digital Encryption Standard (DES) encryption

     ISAKMP (Internet Security Association and Key Management Protocol), vulnerabilities

     IV (initialization vector)

     key exchange algorithms

     stream ciphers

     symmetric encryption

end user license agreements (EULAs)

endpoint mappers

endpoints, RPC servers, binding to

enforcing policies

enhanced kernel protections

enterprise firewalls, layer 7 inspection

entities (encoded data)

entries, UNIX directories

entry points

ENV environment variable (UNIX)

environment arrays, UNIX file descriptors

environment strings, Linux

environment subsystems

environment variables

     PATH_INFO

     UNIX

environmental attacks

equality operators

err( ) function

error checking branches, code paths

error domains

error messages, overly verbose error messages, Web-based applications

errors

     lists, pointer updates

     loops

escape_sql( ) function

escaping metacharacters

ESP (extended stack pointer)

Esser, Stefan

establishing TCP connections

ETag header field (HTTP)

/etc directory (UNIX)

EULAs (end user license agreements)

eval( ) function

     Perl

     PHP

evasion, metacharacter evasion

event objects, Windows NT

Example of Bad Counting with Structure Padding listing (6-34)

Example of Dangerous Program Use listing (8-19)

Example of Structure Padding Double Free listing (6-33)

exception handling (EH), C++

exceptional conditions

execl( ) function

Execute( ) function, ASP

execve( ) function 2nd 3rd 4th

ExpandEnvironmentStrings( ) function

Expect header field (HTTP)

expectations, security

Expert C Programming

Expires header field (HTTP)

explicit allow filters (white lists), metacharacters

explicit deny filters (black lists), metacharacters

explicit type conversions

Exploiting Software

exploiting transitive trusts

export function tables

extended base pointer (EBP)

extended stack pointer (ESP)

Extensible Stylesheet Language Transformations (XSLT) 2nd

extensions, UNIX privileges

external application invocation, OpenSSH

external entities

external flow sensitivity, code navigation

external trust levels

external trusted sources, spoofing attacks, firewalls

extraneous delimiters

extraneous filename characters, Windows NT

extraneous input thinning, test cases, code audits
