The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities

Index


validation

     authorization, insufficient validation

     IP headers

     name validation, DoS (denial of service) attacks

     originator validation

     TCP headers

     UDP headers

value bits, unsigned integer types

value preservation, C programming language

value-preserving promotions

values, Windows NT registry, value squatting

Van der Linden, Peter

/var directory (UNIX)

variables

     auditing

         arithmetic boundaries

         initialization

         lists

         object management

         structure management

         tables 2nd

         type confusion 2nd

     environment variables

     PATH_INFO

     PThread API, condition variables

     relationships 2nd

Vary header field (HTTP)

VBScript

vendor ID payloads, ISAKMP (Internet Security Association and Key Management Protocol)

Version header field (HTTP)

versions of HTTP (Hypertext Transport Protocol)

vfork( ) function

Via header field (HTTP)

View component (MVC)

ViewState, ASP.NET

virtual device drivers

virtual memory areas (VMAs)

Virtual Memory System (VMS)

virtual private machines (VPNs)

virtualization

visibility of clients

Vista objects, namespaces

VMAs (virtual memory areas)

VMs (virtual machines), operational vulnerabilities, preventing

VMS (Virtual Memory System)

VPNs (virtual private networks)

vreply( ) function

vsnprintf( ) function

Vulnerability in Filtering a Character Sequence #2 listing (8-26)

Vulnerability in Filtering a Character Sequence listing (8-25)

Vulnerable Hex-Decoding Routine for URIs listing (8-5)

vulnerabilities

     accountability

     authentication

         insufficient validation

         untrustworthy credentials

     authorization

     availability

     encryption

     integrity

     operational vulnerabilities

         access control

         attack surfaces

         authentication

         default site installations

         development protective measures

         directory indexing

         exposure

         file handlers

         host-based measures

         HTTP request methods

         insecure defaults

         network profiles

         network-based measures

         overly verbose error messages

         public-facing administrative interfaces

         secure channels

         spoofing

         unnecessary services

         Web-specific vulnerabilities

     operational vulnerabilities

     operators

         right shift 2nd

         size

     pointers

     software 2nd

         bugs

         classifying

         data flow

         design vulnerabilities

         environmental attacks

         exceptional conditions

         implementation vulnerabilities

         input

         interfaces

         operational vulnerabilities

         security policies

         trust relationships

     type conversions

         C programming language

         sign extensions

vulnerability classes
