The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities

Index


UDP (User Datagram Protocol) 2nd

     header validation

     stateful firewalls

     stateless firewalls

UIDs (user IDs), UNIX 2nd

UML (Unified Markup Language)

     class diagrams

     component diagrams

     use cases

UN*X

unary + operator, C programming language

unary operator, C programming language

unary operator, C programming language

unbounded copies, strings

unbounded string functions

UNC (Universal Naming Convention), redirector

unconstrained data types, test cases, code audits

undefined behavior, C programming language

underflow, unsigned integers

Understand source code navigator

Unexpected Return Values listing (7-29)

Unicode

     character equivalence

     code page assumptions

     decoding

     homographic attacks

     NUL-termination

     UTF-16 encoding

     UTF-8 encoding

     Windows functions

Unicos

Unified Markup Language (UML) [See UML (Unified Markup Language).]

Uniform Resource Identifiers (URIs)

Uninformed magazine

Uninitialized Memory Buffer listing (7-7)

Uninitialized Object Attributes listing (7-8)

Uninitialized Variable Usage listing (7-6)

unique creation, UNIX temporary files

uninitialized memory buffers

uninitialized object attributes

uninitialized variable usage

UNIX

     BSD

         securelevels

     controlling terminals

     daemons

     directories

         creating

         entries

         Filesystem Hierarchy Standard

         mount points

         parent directories

         permissions

         public directories

         root directories

         safety

         working directories

     domain sockets 2nd

     environment variables

     file descriptors 2nd

     file IDs

     file security

     files 2nd 3rd

         boot files

         creating

         descriptors

         device files

         directories

         filenames

         inodes

         kernel files

         libraries

         links

         log files

         named pipes

         pathnames

         paths

         permissions

         personal user files

         proc file system

         program configuration files

         program files

         race conditions

         sharing

         stdio file interface

         system configuration files

         temporary files

     GECOS field

     groups

         effective groups

         GIDs

         GIDs (group IDs)

         login groups

         primary groups

         real groups

         saved set groups

         secondary groups

         setgid (set-group-id)

         supplemental groups 2nd

     kernel

     Linux

         capabilities

         file system IDs

     mail spools

     naming of

     O_EXCL flag

     open( ) system call

     origins of

     password files

     pipes

     POSIX standards

     privileges

         dropping permanently 2nd

         dropping temporarily

         extensions

         group ID functions

         management code audits

         programs

         user ID functions

         vulnerabilities

     processes 2nd

         attributes

         child processes

         children

         creating

         environment arrays

         fork( ) system call

         groups

         interprocess communication

         open( ) function

         program invocation

         RPCs (Remote Procedure Calls)

         sessions

         system file table

         terminals

         termination

     program invocation

         direct invocation

         indirect invocation

     resource limits

     RPCs (Remote Procedure Calls)

         authentication

         decoding routines

         definition files

     shadow password files

     shell histories

     shell login scripts

     shell logon scripts

     System V-IPC mechanisms

     tools

     UN*X

     users

         effective users

         home directories

         real users

         saved set users

         setuid (set-user-id)

         shells

         superusers

         UIDs (user IDs) 2nd

unlink( ) function 2nd

UNLOCK method

umask attribute, UNIX

umask file permissions

unnecessary services

Unsigned Comparison Vulnerability listing (6-22)

unsigned integer types, C programming language

Unsigned Integer Underflow Example listing (6-4)

unsigned integers

     boundaries 2nd

     conversions

         vulnerabilities

     narrowing

     numeric overflow

     numeric underflow

     widening

unsigned-preserving promotions

untrustworthy credentials, authentication

Upgrade header field (HTTP)

uploading files, security

URG flags, TCP (Transmission Control Protocol)

URI header field (HTTP)

URIs (Uniform Resource Identifiers)

     script URI

URLs, embedding state in

use cases, UML (Unified Markup Language)

use scenarios

uselib( ) function

User Datagram Protocol (UDP)

user IDs (UIDs), UNIX

     functions

User-Agent header field (HTTP)

users, UNIX

     effective users

     file security

     home directories

     privilege vulnerabilities

     real users

     saved set users

     setuid (set-user-id)

     shells

     superusers

     UIDs (user IDs)

     user ID functions

     user IDs (UIDs)

usual arithmetic conversions 2nd 3rd

UTF-16 encoding

UTF-8 encoding

utility functions, HTTP (Hypertext Transfer Protocol)