Hunting Security Bugs

Chapter 6: Spoofing

Table 6-1: Useful Characters for UI Spoofing

Chapter 8: Buffer Overflows and Stack and Heap Manipulation

Table 8-1: Signed Short Number Limits

Chapter 9: Format String Attacks

Table 9-1: Functions That Use Format String Specifiers

Chapter 10: HTML Scripting Attacks

Table 10-1: Common Data Fields Used in XSS Attacks

Table 10-2: HTML Encoding for Input Characters

Table 10-3: Suspicious Client-Side Script Elements

Table 10-4: Common Encoding Functions

Chapter 11: XML Issues

Table 11-1: Character Entity References

Chapter 12: Canonicalization Issues

Table 12-1: Common Symbols Used in Directory Traversal

Table 12-2: ASCII Characters and Their Decimal and Hexadecimal Equivalents

Table 12-3: Common HTML Entities

Chapter 13: Finding Weak Permissions

Table 13-1: Common Tools Used to Find Permissions on Objects

Table 13-2: Common Large Groups

Table 13-3: Example Roles for Restaurant Application

Chapter 14: Denial of Service Attacks

Table 14-1: Results of RemoveTrailingPeriod Using a Bad Algorithm

Chapter 16: SQL Injection

Table 16-1: Comment Styles in Database Systems

Table 16-2: SQL Server Wildcard Characters for the LIKE Clause

Table 16-3: Common Search Terms for Various SQL Technologies