The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities
Index[SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Y] [Z] O_CREAT | O_EXCL flag (UNIX) O_EXCL flag (UNIX) Object Management Group (OMG) object systems, permissions objects analyzing, CC (code comprehension) C programming language change monitoring COM (Component Object Model), automation objects 2nd connection points DCOM objects activation invocation linking, vunerabilities unitialized attributes variables, management Windows NT boundary descriptor objects handles namespaces nonsecurable objects SymbolicLink objects system objects Oechslin, Philippe off-by-one errors, buffer overflows Off-by-One Length Miscalculation listing (5-2) Off-by-One Length Miscalculation listing (5-3) Off-by-One Overwrite listing (5-6) OLE (Object Linking and Embedding), COM (Component Object Model) Olsson, Mikael OMG (Object Management Group) omissions, file descriptors, UNIX ONC (Open Network Computing) RPCs 2nd open( ) function 2nd open( ) system call (UNIX) OpenBSD 2.8 2nd OpenBSD ftp Off-by-one Vulnerability listing (7-20) OpenFile( ) function opening files, stdio file system OpenMutex( ) function OpenPrivateNamespace( ) function OpenProcess( ) function OpenSSH authentication files code auditing, case study configuration file data buffers, vunerabilities external application invocation local privilege separation socket remote client socket OpenSSH Buffer Corruption Vulnerability listing (7-4) OpenSSL BUF-MEM_grow( ) function double-free vunerabiltiy OpenSSL BUF_MEM_grow( ) Signed Variable Desynchronization listing (7-5) operands, order of evaluation operating systems, file system interaction execution file uploading null bytes path traversal programmatic SSI operational vulnerabilities access control attack surfaces development protective measures ASLR (address space layout randomization) heap protection nonexecutable stacks registered function pointers stack protection VMs (virtual machines) exposure host-based measures antimnalware applications change monitoring chroot jails enhanced kernel protections file system permissions host-based firewalls host-based IDSs (intrusion detection systems) host-based IPSs (intrusion prevention systems) object system permissions restricted accounts system virtualization insecure defaults network profiles network-based measures NAT (Network Address Translation) network IDSs network IPSs segmentation VPNs (virtual private networks) secure channels spoofing unnecessary services Web-specific vulnerabilities authentication default site installations directory indexing file handlers HTTP request methods overly verbose error messages public-facing administrative interfaces Web-specific vunerabilities operational vunerabilities 2nd operations, SDLC (Systems Development Life Cycle) operators assignment operators, type conversions binary bitwise operators bitwise shift operators C programming language 2nd equality operators multiplicative operators question mark operators relational operators vulnerabilities right shift size options IP (Internet Protocol) TCP options, processing OPTIONS method order of action, ACC logs Order of Evaluation Logic Vulnerability listing (6-30) Order of Evaluation Macro Vulnerability listing (6-31) order of evaluation, operands originator validation Osborne, Anthony out-band representation, metadata out-of-order statements Out-of-Order Statements listing (7-35) Outdated Pointer Use in ProFTPD listing (7-31) Outdated Pointer Vulnerability listing (7-30) outdated pointers ProFTPD overflow multiplication overflows, Intel architectures 2nd unsigned integers Overflowing into Local Variables listing (5-4) overlapping fragments, IP (Internet Protocol) overly verbose error messages, Web-based applications overwriting bytes ownership, UNIX files, race conditions |
Категории