The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities

Index

[SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Y] [Z]

wait functions

waitable timer, Windows NT

Wang, Xiaoyun

Warning header field (HTTP)

waterfall models

wcsncpy( ) function

Web 2.0

Web applications

     access control

     ASP (Active Server Pages)

         configuration settings

         cross-site scripting

         file access

         file inclusion

         inline evaluation

         shell invocation

         SQL injection queries 2nd

     ASP.NET

         configuration settings

         cross-site scripting

         file access

         file inclusion

         inline evaluation

         shell invocation

         SQL injection queries

     auditing

         activities to isolate

         avoiding assumptions

         black box testing

         enumerating functionality

         goals

         multiple approaches

         reverse-engineering

         testing and experimentation

     authentication

     authorization

     business logic

     C/C++ problems

     CGI (Common Gateway Interface) 2nd

         environment variables

         indexed queries

     client control

     client visibility

     dynamic content

     encryption

     HTML (Hypertext Markup Language)

     HTTP (Hypertext Transport Protocol)

         authentication 2nd

         cookies

         embedded path information

         forms

         headers

         methods 2nd

         overview of

         parameter encoding

         query strings

         requests

         responses

         sessions 2nd

         state maintenance

         versions

     IDC (Internet Database Connection)

     Java servlets

         configuration settings

         cross-site scripting

         file access

         file inclusion

         inline evaluation

         JSP file inclusion

         shell invocation

         SQL injection queries

         threading

         Web server APIs versus

     N-tier architectures 2nd

         business tier

         client tier

         data tier

         MVC (Model-View-Controller)

         Web tier 2nd

     OS and file system interaction

         execution

         file uploading

         null bytes

         path traversal

         programmatic SSI

     overview of

     page flow

     parameters, transmitting

         embedded path information

         forms

         GET method 2nd

         parameter encoding

         POST method

         query strings

     Perl

         cross-site scripting

         file access

         file inclusion

         inline evaluation

         shell invocation

         SQL injection queries

         taint mode

     phishing and impersonation

     PHP (PHP Hypertext Preprocessor)

         configuration settings

         cross-site scripting

         file access

         file inclusion

         inline evaluation

         shell invocation 2nd

         SQL injection queries

     presentation logic

     redundancy

     security environment

     server-side scripting

     sessions

         security vulnerabilities

         session management

         session tokens

     SQL injection

         parameterized queries

         prepared statements

         second order injection

         stored procedures

         testing for

     SSIs (server-side includes)

     static content

     Struts framework

     threading issues

     URIs (Uniform Resource Identifiers)

     Web server APIs

     XML injection

     XPath injection

     XSLT (Extensible Stylesheet Language Transformation)

     XSS (cross-site scripting)

Web Distributed Authoring and Versioning (WebDAV) methods

Web server APIs, Java servlets versus

Web servers

     APIs

     directory indexing

     server-side scripting

     server-side transformation

     SSIs (server-side includes)

Web Services

     AJAX (Asynchronous JavaScript and XML)

     REST (Representational State Transfer)

     SOAP (Simple Object Access Protocol)

Web Services Description Language (WSDL)

Web tier (Web applications) 2nd

Web-specific vulnerabilities, applications

     authentication

     default site installations

     directory indexing

     file handlers

     HTTP request methods

     overly verbose error messages

     public-facing administrative interfaces

web.config file, ASP.NET

WebDAV (Web Distributed Authoring and Versioning) methods

Weil, Alejandro David

WEP (Wired Equivalent Privacy)

white-list filters, metacharacters

Whitehead, Alfred North

Wi-Fi Protected Access (WPA)

WideCharToMultiByte( ) function 2nd

width, integer types 2nd

Wilson, Daniel H.

window scale option, TCP (Transmission Control Protocol) processing

window station, IPC (interprocess communications)

Windows functions, Unicode

Windows Internals, 4th Edition

Windows messaging, IPC (interprocess communications)

     DDE (Dynamic Data Exchange)

     desktop object

     shatter attacks

     window station

     WTS (Windows Terminal Services)

Windows NT 2nd

     COM (Component Object Model)

         Active X security

         application IDs

         automation objects 2nd

         CLSID mapping

         components

         DCOM Configuration utility

         interfaces

         OLE (Object Linking and Embedding)

         proxies

         stubs

         threading

         type libraries

     DCOM (Distributed Component Object Model)

         access controls

         application audits

         application identity

         application registration

         ATL (Active Template Library)

         DCOM Configuration utility

         impersonation

         interface audits

         MIDL (Microsoft Interface Definition Language)

         subsystem access permissions

     development of

     event objects

     file access

         canonicalization

         case sensitivity

         device files

         DOS 8.3 filenames

         extraneous filename characters

         File I/O API

         file open audits

         file squatting

         file streams

         file types

         links

         permissions

     IPC (interprocess communications)

         COM (Component Object Model)

         DDE (Dynamic Data Exchange)

         desktop object

         impersonation

         mailslots

         messaging

         pipes

         redirector

         RPCs (Remote Procedure Calls)

         security

         shatter attacks

         window station

         WTS (Windows Terminal Services)

     KOM (Kernel Object Manager)

     multithreaded programs, synchronicity

     mutex objects

     namespaces

     objects

         boundary descriptor objects

         handles

         namespaces

         nonsecurable objects

         SymbolicLink objects

         system objects

     origins of

     pipes

         anonymous pipes

         creating

         impersonation

         named pipes

         permissions

         pipe squatting

     POSIX subsystem, signals, handling

     processes

         DLL loading

         loading

         process synchronization

         services

         ShellExecute( ) function

         ShellExecuteEx( ) function

     registry

         key permissions

         key squatting

         predefined keys

         value squatting

     RPCs (Remote Procedure Calls)

         ACFs (application configuration files)

         application audits

         connections

         context handles

         DCE (Distributed Computing Environment) RPCs

         IDL file structure

         impersonation

         MIDL (Microsoft Interface Definition Language)

         ONC (Open Network Computing) RPCs

         proprietary state mechanisms

         RPC servers

         threading

         transports

     security descriptors

         access masks

         ACL inheritance

         ACL permissions

         programming interfaces

         strings

     semaphores

     sessions

         access tokens 2nd

         logon rights

         SIDs (security IDs)

     threads

     waitable timer

Windows registry, path metacharacters

Windows System Programming

WinObj

Wired Equivalent Privacy (WEP)

Wojtczuk, Rafal

working directories, UNIX

working papers, application review

WPA (Wi-Fi Protected Access)

Writing Secure Code, 2nd Edition 2nd 3rd

writing to files, stdio file system

WSDL (Web Services Description Language)

_wsprintfW( ) function

WTS (Windows Terminal Services), Windows messaging

WWW-Authenticate header field (HTTP)

WWW-Link header field (HTTP)

WWW-Title header field (HTTP)
