C


C/C++

banned APIs, 2, 8–9

compiler and linkage options, 11

exception handling, 67–68

heap defense functions, 57

pointers, 3–4, 172, 173–175

SAL annotation, 2, 3–8

service writing in, 96

static analysis, 9–10

string buffers, 3

token access, 15–16

TPM writing, 178–180

unmanaged, 3, 11

C runtime (CRT) functions, 3

C runtime headers, 8

C runtime library, and ASLR, 52

C# programming

credential/consent prompts, 25

TPM queries, 177

C4966 warning, 8

C6387 warning, 7

calc.exe, 129

cacls tool, 101

callbacks, 117

callees (implementations), 3

callers (clients), 3

Cameron, Kim, 159

canonicalization functions, 130–131

CAPICOM, 148, 157

CardSpace. See Windows CardSpace and Information Cards

cbcount, 8

cchcount, 8

CDP (Certificate Revocation List Distribution Point), 145

CertEnroll, 148

CertGetCertificateChain, 146–147, 148

certificate common name (CN), 155

certificate events, viewing, 147

Certificate Revocation List (CRL) revocation checks, 145–147

Certificate Revocation List Distribution Point (CDP), 145

certificate verification, 145–146

server, 153

SSL/TLS, 155

certificates, root, 148

certutil -url tool, 147

ChangeServiceConfig2, 103

Channel9, 156

characters, counting, 8

_checkReturn, 7

checksum, 9

cipher suites, 144–145

ciphers, Internet Explorer 7, 133

classes, sample code for, 63–64

cl.exe, 5

clients (callers), 3

clients, authenticating, 117, 152. See also authentication and authorization

clients, impersonating, 106

RPC/COM, 227

sockets, 117

CNG (Cryptography API: Next Generation), 135

add-ins, 137–138

algorithms, new, 139–140

crypto-agility, 137–138

FIPS and, 142–143

missing element, 144

use of, 140–142

CoCreateInstance, 85, 91

code, third-party, 58

“Code Analysis for C/C++ Warnings” (MSDN), 10

code quality, 1–11

Code Red worm, 55

code security, 1–11

code signing, importance of, 44, 169

COM client/server configuration

elevation, 26

RPC, 117

COM components, COM Elevation Moniker, starting, 25–26

COM Elevation Moniker, 25

COM Elevation Moniker, The (MSDN), 26

COM interfaces

ATL and, 165

cURL and IUri interface, 131

deprecated crypto features, 148

RSS, 82

COM objects, 25–26

credential providers, 159

deprecated, crypto features, 148

parental controls, 165

problems with, privilege reduction, 102–103

Comer, Douglas E., 78

commands

icacls, 38

mklink, 45

Common Criteria requirements, 143

security events, 172

communication, with desktop. See desktop, communication with

compatibility, backward, 9

compilers, 4–5

/analyze, 5, 7, 9

and banned APIs, 8

/GS, 11. See also /GS

JIT, 127

warnings, 9–10

connections, port, and firewalls, 91–92

connectivity, determining, 81

ConnectivityChanged, 81

ConnectNamedPipe, 113, 115

console 0, sharing of, 110

consolidated URL parser (cURL), 130–131, 133

const, 5

constant source strings, 8

constants, string, 137

control handlers, and services, 98–99

ControlKey, 114

controls, adding, 123

ConvertStringSidToSid, 36

cookies

/GS, 64–67

safeSEH, 68

CreateFileMapping, 112

error (“Global\\objectname”), 43

CreateNamedPipe, 113

CreatePipeDacl, 102, 118

CreateProcessAsUser, 107

CreateRestrictedToken, 102–103

CreateService, 98, 117–118

CreateWellKnownSid, 160

Credential Manager, 44

Credential Prompt box, 18

Credential Provider model, 159

credentials, user, prompting for, 24–25, 169–171

credentials management, access to, 44

CredUIPromptForCredentials, deprecated, 169

CredUIPromptForWindowsCredentials, 169–171

CRL (Certificate Revocation List) revocation checks, 145–147

CRT (C runtime) functions, 3

CryptAcquireContext, 141

crypto-agility, 9, 136–137

in CNG, 137–139

cryptographic algorithms, 9, 136–137

Cryptographic API 1.0 (CAPI 1.0), 135–136

Cryptographic API 2.0 (CAPI 2.0), 135–136

cryptographic enhancements, 135–136

auditing, improved, 143

CNG algorithms, new, 139–140

CNG crypto-agility, 137–138

CNG and FIPS, 142–143

CNG “something missing,” 144

CNG use, 140–142

crypto-agility, 136–137

deprecated features, 148

kernel mode and user mode support, 136

root certificates, 148

SSL/TLS, 144–147

cryptographic interfaces, user-mode, supported, 135–136

cryptography, banned, 3

list of, 9

removing from codebase, 9

Cryptography API: Next Generation (CNG). See CNG (Cryptography API: Next Generation)

cURL (consolidated URL parser), 130–131, 133

Cutler, David, 60



Writing Secure Code for Windows Vista (Best Practices (Microsoft))
ISBN: 0735623937
EAN: 2147483647
Year: 2004
Pages: 122
