The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities

Index

[SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Y] [Z]

IDA Pro binary navigation tool

IDC (Internet Database Connection)

identification payloads, ISAKMP (Internet Security Association and Key Management Protocol)

idioms, UNIX privileges, misuse of

IDL files, RPCs (Remote Procedure Calls)

IDs, files, UNIX

IDSs (intrusion detection systems)

     host-based IDSs (intrusion detection systems)

If Header Processing Vulnerability in Apache's mod_dav Module listing (8-6)

If-Match header field (HTTP)

If-Modified-Since header field (HTTP)

If-None-Match header field (HTTP)

If-Range header field (HTTP)

If-Unmodified-Since header field (HTTP)

Ignoring realloc( ) Return Value listing (7-25)

Ignoring Return Values listing (7-28)

ImpersonateNamedPipe( ) function

impersonation

     DCOM (Distributed Component Object Model)

     IPC (interprocess communications)

         levels

         SelimpersonatePrivilege

     RPCs (Remote Procedure Calls)

     Windows NT sessions, access tokens

implementation

     SDLC (Systems Development Life Cycle)

     vunerabilities

implementation analysis, OpenSSH, code auditing

implementation defined behavior, C programming language

implicit type conversions

import function tables

imports, Windows binary layout

in-band representation, metadata

in-house software audits

.inc files

     ASP

     PHP

include( ) method, Java servlets

Incorrect Temporary Privilege Relinquishment in FreeBSD Inetd listing (9-2)

independent research

indexed queries 2nd

Indirect Memory Corruption listing (5-5)

indirect program invocation, UNIX

information collection

     application review

     threat modeling

inheritance

     ACLs (access control lists), Windows NT

     Windows NT object handles

initgroups( ) function

initialization vector (IV)

initialization, variables, auditing

initialize_ipc( ) function

initJobThreads( ) function

inline evaluation

     ASP

     ASP.NET

     Java servlets

     Perl

     PHP

inodes (information nodes), UNIX files

input

     extraneous input thinning

     malicious input, tracing

     treating as hostile

     vulnerabilities

input_userauth_info_response( ) function

insecure defaults

insufficient validation, authentication

integer conversion rank

integer overflow

Integer Overflow Example listing (6-2)

Integer Overflow with 0Byte Allocation Check listing (7-37)

Integer Sign Boundary Vulnerability Example in OpenSSL 0.9.6l listing (6-6)

integer types, C programming language

integer underflow 2nd

integers

     promotions

    signed integers

         boundaries

         vunerabilities

     type conversions

         narrowing

         sign extensions

         value preservation

         widening

    unsigned integers

         boundaries 2nd

         numeric overflow

         numeric underflow

         vunerabilities

integration, SDLC (Systems Development Life Cycle)

integrity

     auditing, importance of 2nd

     common vunerabilities

     cryptographic signatures

     expectations of

     hash functions

     originator validation

     salt values

Intel architectures

     carry flags (CFs)

     multiplication overflows 2nd

interface proxies, COM (Component Object Model)

interfaces

     COM (Component Object Model) applications

         auditing

     network interfaces

     RPC servers, registering

     vulnerabilities

internal flow analysis, code auditing

internal trusted sources, spoofing attacks, firewalls

Internet Database Connection (IDC)

Internet Server Application Programming Interface (ISAPI)

interprocess communication, UNIX

interprocess communications (IPC) [See IPC (interprocess communications), Windows NT.]

interprocess synchronization, vulnerabilities

interruptions, signals 2nd

interviewing developers

intrusion prevention systems (IPSs) [See IPSs (intrusion prevention systems).]

INVALID_HANDLE_VALUE, NULL, compared

invocation

     DCOM objects

     UNIX programs

         direct invocation

         indirect invocation

IP (Internet Protocol)

     addresses

         maintaining state with

     addressing

     checksum

     fragmentation

         overlapping fragments

         pathological fragment sets

         processing

     header validation

     IP packets

     options

     source routing

     subnet

IPC (interprocess communications), Windows NT

     COM (Component Object Model)

     DDE (Dynamic Data Exchange)

     desktop object

     impersonation

     mailslots

     messaging

     pipes

     redirector

     RPCs (Remote Procedure Calls)

     security

     shatter attacks

     window station

     WTS (Windows Terminal Services)

IPSs (intrusion prevention systems)

     host-based IPSs (intrusion prevention systems)

IRIX

ISAKMP (Internet Security Association and Key Management Protocol)

     encryption vunerabilities

     headers

     payloads

         certificate payloads

         certificate request payloads

         delete payloads

         hash payloads

         identification payloads

         key exchange payloads 2nd

         nonce payloads

         notification payloads

         proposal payloads

         SA (security association) payloads

         signature payloads

         transform payloads

         vendor ID payloads

ISAPI (Internet Server Application Programming Interface)

ISAPI filters

IsDBCSLeadByte( ) function

iterative process, application review

Related

Категории