The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities

2017-07-07 02:10:07

Index

[SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Y] [Z]

%m format specifier 2nd

MAC (Media Address Control)

Macros, C programming language

magic_quotes option (PHP)

mail spools, UNIX

mailslot squatting

mailslots, Windows NT, IPC (interprocess communications)

Maimon, Uriel

maintaining state

client IP addresses

embedding state in HTML and URLs

HTTP authentication 2nd

Referer request header

sessions 2nd

security vulnerabilities

session management

session tokens

stateful versus stateless systems

maintenance, SDLC (Systems Development Life Cycle)

major components

make_table( ) function

malicious input, tracing

malloc( ) function 2nd

man-in-the-middle attacks

management, sessions

mapping CLSIDs to applications

Max-Forwards header field (HTTP)

Maximum Limit on Memory Allocation listing (7-43)

Maximum Memory Allocation Limit Vulnerability listing (7-44)

McDonald, John 2nd 3rd 4th

McGraw, Gary

Media Address Control (MAC)

Mehta, Neel 2nd 3rd

memory blocks, shared memory blocks

memory buffers, unitialized memory buffers

memory corruption

assessing

buffer overflows

global overflows

heap overflows

off-by-one errors

process memory layout

SHE (structured exception handling) attacks

stack overflows

static overflows

protection mechanisms

ASLR (address space layout randomization)

function pointer obfuscation

heap hardening

nonexecutable stack

SafeSEH

stack cookies

shellcode

memory management, auditing

ACC (allocation-check-copy) logs

allocation functions

allocator scorecards

double-frees

error domains

memory pages, nonexecutable memory pages

memory, 0 bytes, allocating

memset( ) function

message queues

Message-Id header field (HTTP)

messaging, Windows NT, IPC (interprocess communications)

metacharacter evasion

Metacharacter Vulnerability in PCNFSD listing (8-24)

metacharacters 2nd

embedded delimiters

filtering

character stripping vunerabilities

escaping metacharacters

insufficient filtering

metacharacter evasion

format strings

formats

NUL-byte injection

path metacharacters

file canonicalization

Windows registry

Perl open( ) function

shell metacharacters

SQL queries

truncation

UNIX programs, indirect invocation

metadata

methods

CONNECT

COPY

DELETE

GET 2nd

LOCK

MKCOL

MOVE

OPTIONS

POST

PROPFIND

PROPPATCH

PUT

SPACEJUMP

TEXTSEARCH

TRACE

UNLOCK

Microsoft Developer Network (MSDN)

Microsoft Windows Internals, 4th Edition

MIDL (Microsoft Interface Definition Language)

DCOM (Distributed Component Object Model)

RPCs (Remote Procedure Calls)

misinpreterpeting return values

Misuse of putenv( ) in Solaris Telnetd listing (10-3)

mitigating factors, operational vunerabilities

mitigation, threats

MKCOL method

mkdtemp( ) function

mkstemp( ) function

mktemp( ) function 2nd

Model component (MVC)

Model-View-Controller (MVC)

modular artihmetic

modules

analyzing, CC (code comprehension)

loosely coupled modules

strongly coupled modules

Modulus Vulnerability Example listing (6-28)

mount points, UNIX

MOVE method

MS-RPC DCOM Buffer Overflow Listing listing (7-16)

MSDN (Microsoft Developer Network)

MTA (mulitthreaded apartment), COM (Component Object Model)

multibyte character sequences, interpretation

MultiByteToWideChar( ) function 2nd

Multics (Multiplexed Information and Computing Service)

Multiple Embedded Delimiters listing (8-9)

multiple encoding layers

multiple-input test cases, code audits

Multiplexed Information and Computing Service (Multics)

multiplication overflows, Intel architectures 2nd

multiplicative operators

multithreaded apartment (MTA), COM (Component Object Model)

multithreaded programs, synchronization

deadlocks

PThreads API

race conditions

starvation

Windows API

Murray, Bill

mutex

mutex objects, Windows NT

mutexes, PThreads API

MVC (Model-View-Controller)

my_malloc( ) function

Index

Категории