The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities
ISBN: 0321444426
EAN: 2147483647
Year: 2004
Pages: 194
Authors: Mark Dowd, John McDonald, Justin Schuh
The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities
Table of Contents
Copyright
About the Authors
Preface
Acknowledgments
Part I: Introduction to Software Security Assessment
Chapter 1. Software Vulnerability Fundamentals
Introduction
Vulnerabilities
The Necessity of Auditing
Classifying Vulnerabilities
Common Threads
Summary
Chapter 2. Design Review
Introduction
Software Design Fundamentals
Enforcing Security Policy
Threat Modeling
Summary
Chapter 3. Operational Review
Introduction
Exposure
Web-Specific Considerations
Protective Measures
Summary
Chapter 4. Application Review Process
Introduction
Overview of the Application Review Process
Preassessment
Application Review
Documentation and Analysis
Reporting and Remediation Support
Code Navigation
Code-Auditing Strategies
Code-Auditing Tactics
Code Auditor's Toolbox
Case Study: OpenSSH
Summary
Part II: Software Vulnerabilities
Chapter 5. Memory Corruption
Introduction
Buffer Overflows
Shellcode
Protection Mechanisms
Assessing Memory Corruption Impact
Summary
Chapter 6. C Language Issues
Introduction
C Language Background
Data Storage Overview
Arithmetic Boundary Conditions
Type Conversions
Type Conversion Vulnerabilities
Operators
Pointer Arithmetic
Other C Nuances
Summary
Chapter 7. Program Building Blocks
Introduction
Auditing Variable Use
Auditing Control Flow
Auditing Functions
Auditing Memory Management
Summary
Chapter 8. Strings and Metacharacters
Introduction
C String Handling
Metacharacters
Common Metacharacter Formats
Metacharacter Filtering
Character Sets and Unicode
Summary
Chapter 9. UNIX I: Privileges and Files
Introduction
UNIX 101
Privilege Model
Privilege Vulnerabilities
File Security
File Internals
Links
Race Conditions
Temporary Files
The Stdio File Interface
Summary
Chapter 10. UNIX II: Processes
Introduction
Processes
Program Invocation
Process Attributes
Interprocess Communication
Remote Procedure Calls
Summary
Chapter 11. Windows I: Objects and the File System
Introduction
Background
Objects
Sessions
Security Descriptors
Processes and Threads
File Access
The Registry
Summary
Chapter 12. Windows II: Interprocess Communication
Introduction
Windows IPC Security
Window Messaging
Pipes
Mailslots
Remote Procedure Calls
COM
Summary
Chapter 13. Synchronization and State
Introduction
Synchronization Problems
Process Synchronization
Signals
Threads
Summary
Part III: Software Vulnerabilities in Practice
Chapter 14. Network Protocols
Introduction
Internet Protocol
User Datagram Protocol
Transmission Control Protocol
Summary
Chapter 15. Firewalls
Introduction
Overview of Firewalls
Stateless Firewalls
Simple Stateful Firewalls
Stateful Inspection Firewalls
Spoofing Attacks
Summary
Chapter 16. Network Application Protocols
Introduction
Auditing Application Protocols
Hypertext Transfer Protocol
Internet Security Association and Key Management Protocol
Abstract Syntax Notation (ASN.1)
Domain Name System
Summary
Chapter 17. Web Applications
Introduction
Web Technology Overview
HTTP
State and HTTP Authentication
Architecture
Problem Areas
Common Vulnerabilities
Harsh Realities of the Web
Auditing Strategy
Summary
Chapter 18. Web Technologies
Introduction
Web Services and Service-Oriented Architecture
Web Application Platforms
CGI
Perl
PHP
Java
ASP
ASP.NET
Summary
Bibliography
Index