The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities

Index


sa_handler

Sacerdote, David

SAFER (Software Restriction Policies) API, Windows NT sessions, access tokens

SafeSEH

salt values

sandboxing

SAPI_POST_READER_FUNC( ) function

saved set groups (UNIX)

saved set users (UNIX)

saved set-user-IDs (UNIX)

saved-set-group-IDs (UNIX)

/sbin directory (UNIX)

scanf( ) functions

scanning

     TCP packets

Schneier, Bruce

SCM (Services Control Manager)

SCO

scoping, code review

scorecards, code audits

script URI

SCRIPT_NAME (environment variable)

scripts

     server-side scripting

     XSS (cross-site scripting)

SDLC (Systems Development Life Cycle), code audits

SEARCH method

search_orders( ) function

second order injection

second-order injection attacks

secondary groups, UNIX

securable objects, Windows NT

secure channels

Secure Programming

Secure Socket Layer/Transport Layer Security (SSL/TLS) 2nd

Secure Sockets Layer (SSL) [See SSL (Secure Sockets Layer).]

securelevels (BSD)

security

     access control

     C/C++ problems

     expectations

     OS and file system interaction

         execution

         file uploading

         null bytes

         path traversal

         programmatic SSI

     phishing and impersonation

     policies, enforcing

     SQL injection

         parameterized queries

         prepared statements

         second order injection

         stored procedures

         testing for

     threading issues

     Web environments

     XML injection

     XPath injection

     XSS (cross-site scripting)

security association (SA) payloads, ISAKMP (Internet Security Association and Key Management Protocol)

Security Association and Key Management Protocol (ISAKMP) [See ISAKMP (Internet Security Association and Key Management Protocol).]

security breaches, policy breaches, compared

security descriptors, Windows NT

     access masks

     ACL inheritance

     ACL permissions

     programming interfaces

     strings

segmentation (network)

     layer 1 (physical)

     layer 2 (data link)

     layer 3 (network)

     layer 4 (transport)

     layer 5 (session)

     layer 6 (presentation)

     layer 7 (application)

segments, TCP (Transmission Control Protocol)

SEH (structured exception handling) attacks 2nd

SeImpersonatePrivilege, IPC (interprocess communications)

semaphore sets

semaphores

     System V IPC

     Windows NT

semget( ) function

sending signals

Sendmail

     crackaddr( ) function, vulnerabilities

     prescan sign extension vulnerability

     return values, update vulnerability

Sendmail crackaddr( ) Related Variables Vulnerability listing (7-3)

Sendmail Return Value Update Vulnerability listing (7-32)

sentinel nodes

sequence numbers, TCP (Transmission Control Protocol)

Server header field (HTTP)

Server Message Blocks (SMBs) 2nd

server-side includes (SSIs)

server-side scripting

server-side transformation

SERVER_NAME (environment variable)

SERVER_PORT (environment variable)

SERVER_PROTOCOL (environment variable)

SERVER_SOFTWARE (environment variable)

servers

     automation servers

     name servers, DNS (Domain Name System)

     pipe squatting

     Web servers

         APIs

         server-side scripting

         server-side transformation

         SSIs (server-side includes)

service image paths

service-oriented architecture (SOA)

services, Windows NT

servlets [See Java servlets.]

session credentials, redirector

session layer, network segmentation

session tokens 2nd

sessions

     HTTP 2nd

         security vulnerabilities

         session management

         session tokens

     UNIX, process sessions

     Windows NT 2nd

         access tokens 2nd

         logon rights

         SIDs (security IDs)

setegid( ) function

setenv( ) function 2nd

Setenv( ) Vulnerability in BSD listing (10-2)

seteuid( ) function

setgid (set-group-id), UNIX

setgid programs (UNIX)

setgid( ) function

setgroups( ) function

setjump( ) function

setregid( ) function

setresgid( ) function

setresuid( ) function

setreuid( ) function

setrlimit( ) function

SetThreadToken( ) function

settings, default settings, insecure defaults

setuid (set-user-id), UNIX

setuid programs (UNIX)

setuid root programs (UNIX)

setuid( ) function 2nd

SGML (Standard Generalized Markup Language)

shadow password files, UNIX

shared key encryption

shared libraries

shared memory blocks

shared memory segments

     synchronization

shared memory, multiple processes

sharing files, UNIX

shatter attacks, Windows messaging

SHELL environment variable (UNIX)

shell environment variables, UNIX

shell histories, UNIX

shell invocation

     ASP

     ASP.NET

     Java servlets

     Perl

     PHP 2nd

shell login scripts, UNIX

shell logout scripts, UNIX

Shell Metacharacter Injection Vulnerability listing (8-18)

shell metacharacters

shellcode 2nd

Shellcoder's Handbook, The 2nd

ShellExecute( ) function

ShellExecuteEx( ) function

shells, UNIX users

side-effects, functions

     auditing

     referentially opaque side effects

     referentially transparent side effects

SIDs (security IDs), Windows NT

siglongjump( ) function

sign bit

     arithmetic schemes

     signed integer types

Sign Extension Vulnerability Example listing (6-12)

sign extensions

     type conversions

         truncation

Sign-Extension Example listing (6-14)

Sign-Preserving Right Shift listing (6-25)

signal handler scoreboard

Signal Interruption listing (13-1)

signal marks

signal masks

Signal Race Vulnerability in WU-FTPD listing (13-2)

signal( ) function 2nd

signals

     asynchronous-safe function 2nd 3rd

     default actions

     handling

     interruptions 2nd

     jump locations

     non-returning signal handlers 2nd

     repetition

     sending

     signal handler scoreboard

     signal masks

     vulnerabilities 2nd

signature payloads, ISAKMP (Internet Security Association and Key Management Protocol)

signatures, cryptographic signatures

Signed Comparison Example in PHP listing (6-23)

Signed Comparison Vulnerability Example listing (6-7)

Signed Comparison Vulnerability listing (6-21)

signed integer types, C programming language

Signed Integer Vulnerability Example listing (6-5)

signed integers

     boundaries

     conversions

         vulnerabilities

     narrowing

     sign bit, arithmetic schemes

     widening

signing Active X controls

sigsetjump( ) function

SIGSTOP default action

simple binary CPs (candidate points)

simple lexical CPs (candidate points)

Simple Mail Transfer Protocol (SMTP)

Simple Nonterminating Buffer Overflow Loop listing (7-15)

Simple Object Access Protocol (SOAP)

simple type conversions, C programming language

single sign-on (SSO) system

single-threaded apartment (STA), COM (Component Object Model)

singly linked lists

site-restricted controls, Active X

size, operators, vulnerabilities

Sizeof Misuse Vulnerability Example listing (6-24)

sizeof( ) function 2nd

SMB relay attacks

SMBs (Server Message Blocks) 2nd

SMTP (Simple Mail Transfer Protocol)

sniffing attacks

snort reassembly vulnerability, TCP (Transmission Control Protocol)

snprintf( ) function 2nd 3rd

Snyder, Window

SOA (service-oriented architecture)

SOAP (Simple Object Access Protocol)

socketpair( ) function 2nd

soft links, UNIX files 2nd

software

     requirements

     security expectations

     specifications

     vulnerabilities 2nd

         bugs

         classifying

         data flow

         design vulnerabilities

         environmental attacks

         exceptional conditions

         implementation vulnerabilities

         input

         interfaces

         operational vulnerabilities

         security policies

         trust relationships

software design

     abstraction

     accuracy

     algorithms

     application architecture modeling

     clarity

     decomposition

     failure handling

     loose coupling

     strong cohesion

     strong coupling exploitation

     threat modeling

         information collection

     transitive trust exploitation

     trust relationships

         chain of trust relationships

         complex trust boundaries

         defense in depth

         simple trust boundaries

Software Restriction Policies (SAFER) API [See SAFER (Software Restriction Policies) API, Windows NT sessions, access tokens.]

Solaris

Solomon, David A. 2nd

Song, Dug

source code audits, COM (Component Object Model)

source code navigators, code audits

     Code Surfer

     Cscope

     Ctags

     Source Navigator

     Understand

source code, profiling

Source Navigator

source routing

     IP (Internet Protocol)

     packets

source-only application access

SPACEJUMP method

specialization approach, application review

specifications, software

SPIKE fuzz testing tool

spoofing

     DNS (Domain Name System)

     TCP streams

         blind connection spoofing

spoofing attacks, firewalls 2nd

     close spoofing

     distant spoofing

     encapsulation

     source routing

sprintf( ) functions 2nd 3rd

SQL (Structured Query Language)

     queries, metacharacters

     SQL injection

         ASP 2nd

         ASP.NET

         Java servlets

         parameterized queries

         Perl

         PHP

         prepared statements

         second order injection

         stored procedures

         testing for

SQL Injection Vulnerability listing (8-20)

SQL Truncation Vulnerability listing (8-21)

SSIs (server-side includes)

SSL (Secure Sockets Layer)

SSL/TLS (Secure Socket Layer/Transport Layer Security)

SSL/TLS (Secure Sockets Layer/Transport Layer Security)

SSO (single sign-on) system

STA (single-threaded apartment), COM (Component Object Model)

stack cookies

stack overflows

stack protection, operational vulnerabilities, preventing

Stackguard, stack cookies

stacks

     ADT (abstract data type)

     EBP (extended base pointer)

     ESP (extended stack pointer)

     nonexecutable stacks

     stack protection

Standard Generalized Markup Language (SGML)

standards documentation

standards, C programming language

starvation, threads 2nd

Starzetz, Paul 2nd

stat( ) function

state mechanisms, RPCs (Remote Procedure Calls)

state processing, TCP (Transmission Control Protocol)

state tables

     spoofing

state, maintaining

     client IP addresses

     cookies

     embedding state in HTML and URLs

     HTTP authentication 2nd

     Referer request headers

     sessions 2nd

         security vulnerabilities

         session management

         session tokens

     stateful versus stateless systems

stateful firewalls

     directionality

     fragmentation

     stateful inspection firewalls

     TCP (Transport Control Protocol)

     UDP (User Datagram Protocol)

stateful inspection firewalls

     layering

stateful packet filters

stateful systems

stateless firewalls

     fragmentation

     FTP (File Transfer Protocol)

     TCP (Transmission Control Protocol)

     UDP (User Datagram Protocol)

stateless packet filters

stateless systems

statements

     break statements, omissions

     flow transfer statements, auditing

     out-of-order statements

     prepared statements

     switch statements, auditing

states, TCP connections

static content

static variables

status checks, application review

stdio file system, files

     closing

     opening

     reading

     writing to

Stevens, Ted

Stevens, W. Richard

Stickley, Jim

storage, C programming language

stored procedures

strcat( ) function

strcpy( ) functions 2nd

Strcpy( )-like Loop listing (8-3)

stream ciphers, encryption

streams (file), Windows NT

streams, TCP (Transmission Control Protocol) 2nd

     blind connection spoofing

     blind data injection attacks

     blind reset attacks

     connection fabrication

     connection tampering

     spoofing

strict black box application access

strict context handles, RPCs (Remote Procedure Calls)

strings

     bounded string functions 2nd

     character expansion

     format strings

     handling, C programming language

     pointers

         incorrect increments

         typos

     unbounded copies

     unbounded string functions

     Windows NT security descriptors

strlcat( ) function

strlcpy( ) function

strlen( ) function

strncat( ) function

strncpy( ) function 2nd

strong cohesion, software design

strong coupling, software design exploitation

strongly coupled modules

Structure Padding in a Network Protocol listing (6-32)

structure padding, C programming language

structured exception handling (SEH) attacks

structures, variables, management

Struts framework

stub resolvers (DNS)

stubs, COM (Component Object Model)

subdomains

subnet addresses

subsystem access permissions, DCOM (Distributed Component Object Model)

subsystem analysis, code audits

superusers, UNIX

supplemental group privileges, UNIX, dropping permanently

supplemental groups, UNIX 2nd 3rd

Swiderski, Frank

switch statements

     auditing

     C programming language

switching

symbolic links, UNIX files 2nd

SymbolicLink objects

symmetric encryption

     block ciphers

synchronization

     APCs (asynchronous procedure calls)

     deadlocks 2nd

     multithreaded programs

     process synchronization

         interprocess synchronization

         lock matching

         synchronization object scoreboard

         System V synchronization

         Windows NT synchronization

     race conditions

     reentrancy

     shared memory segments

     signals

         asynchronous-safe function 2nd 3rd

         default actions

         handling

         interruptions 2nd

         jump locations

         non-returning signal handlers 2nd

         repetition

         sending

         signal handler scoreboard

         signal masks

         vulnerabilities 2nd

     starvation

     threads

         deadlocks

         PThreads API

         race conditions

         starvation

         Windows API

synchronization object scoreboard

syntax highlighting

synthesized request variables

SysInternals

syslog( ) function

system call gateways

system configuration files, UNIX

system file table, UNIX

system objects, Windows NT

system profiling

system resources, access, auditing

System V-IPC mechanisms

     process synchronization

     semaphores

     UNIX

system virtualization

system( ) function
