The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities

2017-07-07 02:10:07

Index

[SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Y] [Z]

failure handling

fastcalls

fclose( ) function

fcntl( ) function

feasibility studies (SDLC)

Feng, Dengguo

Ferguson, Niels

fgets( ) function 2nd

fields, hidden fields, auditing

FIFOs, UNIX

file access

ASP

ASP.NET

Java servlets

Perl

PHP

file canonicalization, path metacharacters

file descriptors

UNIX

file handlers

File I/O API, Windows NT

file inclusion

ASP

ASP.NET

Java servlets

Perl

PHP

file paths, truncation

file squatting, Windows NT

file streams, Windows NT

file system IDs, Linux

file system layout

file systems

OS interaction

execution

file uploading

null bytes

path traversal

programmatic SSI

permissions

File Transfer Protocol (FTP) [See FTP (File Transfer Protocol).]

file types, Windows NT

filenames, UNIX

files

change monitoring

closing, stdio system

core files

opening, stdio system

reading, stdio system 2nd

umask

UNIX 2nd 3rd

boot files

creating

descriptors

device files

directories

filenames

IDs

inodes

kernel files

libraries

links 2nd

log files

named pipes

pathnames

paths

permissions

personal user files

proc file system

program configuration files

program files

race conditions

security

sharing

stdio file interface

system configuration files

temporary files

uploading, security

Windows NT

canonicalization

case sensitivity

device files

DOS 8.3 filenames

extraneous filename characters

File I/O API

file open audits

file squatting

file streams

file types

links

permissions

writing to, stdio system

Filesystem Hierarchy Standard, UNIX

filtering metacharacters

character stripping vunerabilities

escaping metacharacters

insufficient filtering

metacharacter evasion

filters

explicit allow filters (white lists), metacharacters

explicit deny filters (black lists), metacharacters

Finding Return Values listing (7-27)

findings summaries, application review

firewalls 2nd

attack surfaces

host-based firewalls

layer 7 inspection

packet-filtering firewalls

proxy firewalls

spoofing attacks 2nd

close spoofing

distant spoofing

encapsulation

source routing

stateful firewalls

directionality

fragmentation

stateful inspection firewalls

TCP (Transport Control Protocol)

UDP (User Datagram Protocol)

stateless firewalls

fragmentation

FTP (File Transfer Protocol)

TCP (Transmission Control Protocol)

UDP (User Datagram Protocol)

flags

ACEs

TCP connections

URG flags, TCP (Transmission Control Protocol)

floating points, conversions

floating types, C programming language

floats

flow analysis

flow transfer statements, auditing

flow, control flow, auditing

fopen( ) function

fork( ) function 2nd

format specifiers

Format String Vulnerability in a Logging Routine listing (8-17)

Format String Vulnerability in WU-FTPD listing (8-16)

format strings

formats, metacharacters

format strings

path metacharacters

Perl open( ) function

shell metacharacters

SQL queries

forms (HTTP)

forward( ) method, Java servlets

forward-tracing code

fprintf( ) function

fragmentation

IP (Internet Protocol)

overlapping fragments

pathological fragment sets

processing

stateful firewalls

stateless firewalls

zero-length fragments

Frasunek, Przemyslaw

fread( ) function 2nd

free( ) function 2nd 3rd

FreeBSD

privileges, dropping temporarily

From header field (HTTP)

fscanf( ) function

fstat( ) function

ftok( ) function

FTP (File Transfer Protocol) 2nd

active FTP

passive FTP

stateless firewalls

fully functional resolvers (DNS)

function pointers

obfuscation

registration of

Function Prologue listing (5-1)

function prototypes, C programming language, type conversions

function_A( ) function

function_B( )

function_B( ) function

functions

_wsprintfW( )

_xlate_ascii_write( )

access( )

AdjustTokenGroups( )

AdjustTokenPrivileges( )

alloc( )

allocation functions, auditing

apr_palloc( )

auditing

argument meaning

audit logs

return value testing

side-effects

authenticate( )

bounded string functions 2nd

BUF-MEM_grow( ) function

calling conventions

checkForAnotherInstance( )

cleanup( )

cleanup_exit( )

close( )

CloseHandle( )

CoInitializeEx( )

collecttimeout( )

ConnectNamedPipe( )

ConvertSidToStringSid( )

ConvertStringSidToSid( )

CoRegisterClassObject( )

crackaddr( )

Create*( )

CreateEvent( )

CreateFile( ) 2nd 3rd 4th 5th 6th

CreateHardLink( )

CreateMutex( ) 2nd

CreateNamedPipe( ) 2nd

CreateNewKey( )

CreatePrivateNamespace( )

CreateProcess( ) 2nd

CreateRestrictedToken( )

CreateSemaphore( )

CreateWaitableTimer( )

CRYPTO_realloc_clean( )

data_xfer( )

DecodePointer( )

DecodeSystemPointer( )

delete_session( )

DeviceIoControl( )

DllGetClassObject( )

dlopen( )

do_cleanup( )

do_ip( )

do_mremap( )

edit( )

EncodePointer( )

EncodeSystemPointer( )

err( )

escape_sql( )

execl( )

execve( ) 2nd 3rd 4th

ExpandEnvironmentStrings( )

fclose( )

fcntl( )

fgets( ) 2nd

fopen( )

fork( ) 2nd

fprintf( )

fread( ) 2nd

free( ) 2nd 3rd

fscanf( )

fstat( )

ftok( )

function_A( )

function_B( )

get_mac( )

get_string_from_network( )

get_user( )

GetCurrentProcess( )

GetFullPathName( )

GetLastError( ) 2nd

GetMachineName( )

getrlimit( )

ImpersonateNamedPipe( )

initgroups( )

initialize_ipc( )

initJobThreads( )

input_userauth_info_response( )

invocations, C programming language

IsDBCSLeadByte( )

kill( )

list_add( )

list_init( )

longjump( )

lreply( )

lstat( )

make_table( )

malloc( ) 2nd

memset( )

mkdtemp( )

mkstemp( )

mktemp( ) 2nd

MultiByteToWideChar( ) 2nd

my_malloc( )

NtQuerySystemInformation( )

open( ) 2nd

OpenFile( )

OpenMutex( )

OpenPrivateNamespace( )

OpenProcess( )

parent functions, vunerabilities

parse_rrecord( )

php_error_docref( )

pipe( )

pop( )

popen( ) 2nd

prescan( ) 2nd

printf( ) 2nd

process_file( )

process_login( )

process_string( )

process_tcp_packet( )

process_token_string( )

processJob( )

processNetwork( )

processThread( )

push( )

putenv( )

pw_lock( )

QueryInterface( )

read( )

read_data( )

read_line( )

realloc( )

reentrancy

RegCloseKey( )

RegCreateKey( )

RegCreateKeyEx( ) 2nd

RegDeleteKey( )

RegDeleteKeyEx( )

RegDeleteValue( )

RegOpenKey( )

RegOpenKeyEx( )

RegQueryValue( )

RegQueryValueEx( )

retrieve_data( )

return values

finding

ignoring

misinterpreting

rfork( )

RpcBindingInqAuthClient( )

RpcServerListen( )

RpcServerRegisterAuthInfo( )

RpcServerRegisterIf( )

RpcServerRegisterIfEx( )

RpcServerUseProtseq( )

RpcServerUseProtseqEx( )

SAPI_POST_READER_FUNC( )

scanf( )

search_orders( )

semget( )

setegid( )

setenv( ) 2nd

seteuid( )

setgid( )

setgroups( )

setjump( )

setregid( )

setresgid( )

setresuid( )

setreuid( )

setrlimit( )

SetThreadToken( )

setuid( ) 2nd

ShellExecute( )

ShellExecuteEx( )

side-effects

referentially opaque side effects

referentially transparent side effects

siglongjump( )

signal( ) 2nd

sigsetjump( )

sizeof( ) 2nd

snprintf( ) 2nd 3rd

socketpair( ) 2nd

sprintf( ) 2nd 3rd

stat( )

strcat( )

strcpy( ) 2nd

strlcat( )

strlcpy( )

strlen( )

strncat( )

strncpy( ) 2nd

syslog( )

system( )

tempnam( )

TerminateThread( )

tgetent( )

time( )

tmpfile( )

tmpnam( )

toupper( )

try_lib( )

unbounded string functions

Unicode

UNIX

group ID functions

user ID functions

unlink( ) 2nd

uselib( )

utility functions, HTTP (Hypertext Transfer Protocol)

vfork( )

vreply( )

vsnprintf( )

wait functions

wcsncpy( )

WideCharToMultiByte( ) 2nd

fuzz testing

automation objects, COM (Component Object Model)

code auditing tools

Index

Категории