Index

A

ASP (Active Server Pages) Abstract Syntax Notation (ASN.1) [See ASN.1 (Abstract Syntax Notation).] Abstraction, software design ACC (allocation-check-copy) logs auditing data assumptions order of action unanticipated conditions Accept header field (HTTP) Accept-Charset header field (HTTP) Accept-Encoding header field (HTTP) Accept-Language header field (HTTP) Accept-Ranges header field (HTTP) access control ASP.NET DCOM (Distributed Component Object Model) vulnerabilities access control entries (ACEs) [See ACEs (access control entries).] access control policy access masks, Windows NT, security descriptors access tokens, Windows NT sessions contexts group lists impersonation privileges restricted tokens SAFER (Software Restriction Policies) API access( ) function accountability, common vulnerabilities accuracy, software design ACEs (access control entries) flags orders ACFs (application configuration files), RPCs (Remote Procedure Calls) ACLs (access control lists) low-level ACL control permissions, auditing Windows NT, inheritance activation records, runtime stack activation, DCOM objects active FTP Active Server Pages (ASP) [See ASP (Active Server Pages).] ActiveX controls 2nd COM (Component Object Model), security kill bit signing site-restricted controls threading ActiveX Data Objects (ADO) address space layout randomization (ASLR) [See ASLR (address space layout randomization).] 
addresses IP addresses maintaining state with subnet addresses AdjustTokenGroups( ) function AdjustTokenPrivileges( ) function ADO (ActiveX Data Objects) ADT (abstract data type), stacks Age header field (HTTP) Aitel, Dave AIX AJAX (Asynchronous JavaScript and XML) algorithms analyzing, CC (code comprehension) encryption block ciphers common vulnerabilities exchange algorithms IV (initialization vector) stream ciphers hashing algorithms software design alloc( ) function allocating 0 bytes allocation functions, auditing allocation-check-copy (ACC) logs [See ACC (allocation-check-copy) logs.] allocator scorecards Allocator with Header Data Structure listing (7-39) Allocator-Rounding Vulnerability listing (7-38) Allow header field (HTTP) Allowed header field (HTTP) analysis phase, code review 2nd findings summary analyzing algorithms, CC (code comprehension) classes, CC (code comprehension) modules, CC (code comprehension) objects, CC (code comprehension) Anderson, J.S. anonymous pipes, Windows NT antimalware applications antisniff tool, vulnerabilities Antisniff v1.0 Vulnerability listing (6-8) Antisniff v1.1 Vulnerability listing (6-9) Antisniff v1.1.1 Vulnerability listing (6-10) Antisniff v1.1.2 Vulnerability listing (6-11) Apache 1.3.29/2.X mod_rewrite Off-by-one Vulnerability listing (7-19) Apache API Apache mod_dav CDATA Parsing Vulnerability listing (7-1) Apache mod_php Nonterminating Buffer Vulnerability listing (7-18) Apache, Struts framework APCs (asynchronous procedure calls) APIs (application programming interfaces) Apache API ISAPI (Internet Server Application Programming Interface) NSAPI (Netscape Server Application Programming Interface) Appel, Andrew W. 
AppID keys application access, categories application architecture modeling application identity, DCOM (Distributed Component Object Model) application IDs, COM (Component Object Model) application layer, network segmentation application manifests application protocols ASN.1 (Abstract Syntax Notation) BER (Basic Encoding Rules) CER (Canonical Encoding Rules) DER (Distinguished Encoding Rules) 2nd PER (Packed Encoding Rules) XER (XML Encoding Rules) auditing data type matching data verification documentation collection identifying elements system resource access DNS (Domain Name System) 2nd headers length variables name servers names packets question structure request traffic resolvers resource records 2nd 3rd spoofing zones HTTP (Hypertext Transfer Protocol) header parsing posting data resource access utility functions ISAKMP (Internet Security Association and Key Management Protocol) encryption vulnerabilities headers payloads application review application review phase 2nd 3rd bottom-up approach hybrid approach iterative process peer reviews planning reevaluation status checks top-down approach working papers code auditing 2nd 3rd binary navigation tools CC (code comprehension) strategies CP (candidate point) strategies 2nd debuggers dependency analysis desk checking DG (design generalization) strategies 2nd fuzz testing tools internal flow analysis OpenSSH case study rereading code scorecard source code navigators subsystem analysis test cases code navigation external flow sensitivity tracing documentation and analysis phase 2nd findings summary preassessment phase application access information collection scoping process outline remediation support phase 2nd application-specific CPs (candidate points) applications attack surfaces COM (Component Object Model) applications, registration DCOM (Distributed Component Object Model) applications, auditing reverse-engineering applications RPC (Remote Procedure Call) applications, auditing Web applications [See Web 
applications, access control.] Applied Cryptography appSettings section, ASP.NET apr_palloc( ) function arbitrary file accesses, junction points argument promotions arguments, functions, auditing arithmetic C programming language arithmetic boundary conditions signed integer boundaries unsigned integer boundaries modular arithmetic pointers arithmetic boundaries, variables, auditing arithmetic boundary conditions, C programming language numeric overflow conditions numeric underflow conditions numeric wrapping signed integers unsigned integers arithmetic shift Arithmetic Vulnerability Example in the Parent Function listing (7-10) Arithmetic Vulnerability Example listing (7-9) ASLR (address space layout randomization) operational vulnerabilities, preventing ASN.1 (Abstract Syntax Notation) BER (Basic Encoding Rules) CER (Canonical Encoding Rules) DER (Distinguished Encoding Rules) 2nd PER (Packed Encoding Rules) XER (XML Encoding Rules) ASP (Active Server Pages) configuration settings cross-site scripting file access file inclusion inline evaluation shell invocation SQL injection queries ASP.NET configuration settings cross-site scripting file access file inclusion inline evaluation shell invocation SQL injection queries assessments applications code application review phase 2nd code auditing code navigation documentation and analysis phase 2nd preassessment phase process outline remediation support phase 2nd assets, information collection assignment operators, C programming language, type conversions asymmetric encryption Asynchronous JavaScript and XML (AJAX) asynchronous procedure calls (APCs) [See APCs (asynchronous procedure calls).] 
asynchronous-safe code, reentrancy asynchronous-safe function, signals 2nd 3rd ATL (Active Template Library), DCOM (Distributed Component Object Model) atomicity attack surfaces applications firewalls attack trees attack vectors, high-level attack vectors, OpenSSH attacks attack surfaces, applications attack trees bait-and-switch attacks blind data injection attacks blind reset attacks cryogenic sleep attacks DoS (denial of service) attacks name validation environmental attacks exceptional conditions homographic attacks node types second-order injection attacks shatter attacks SEH (structured exception handling) attacks SMB relay attacks spoofing attacks DNS (Domain Name System) firewalls terminal attacks attributes objects, uninitialized attributes UNIX processes file descriptors resource limits retention audit logs, function audit logs auditing application protocols data type matching data verification documentation collection identifying elements system resource access black box testing, compared code 2nd 3rd binary navigation tools CC (code comprehension) strategies CP (candidate point) strategies 2nd debuggers dependency analysis desk checking DG (design generalization) strategies 2nd fuzz testing tools internal flow analysis OpenSSH case study rereading code scorecard SDLC (Systems Development Life Cycle) source code navigators subsystem analysis test cases code-editing situations COM (Component Object Model) applications, interfaces control flow flow transfer statements looping constructs switch statements DCOM (Distributed Component Object Model) applications file opens, Windows NT functions argument meaning audit logs return value testing side-effects 2nd hidden fields importance of 2nd memory management ACC (allocation-check-copy) logs allocation functions allocator scorecards double-frees error domains permissions, ACLs RPC applications running code UNIX privileges, management code variables arithmetic boundaries initialization lists object management 
relationships structure management tables type confusion Web applications activities to isolate avoiding assumptions black box testing enumerating functionality goals multiple approaches reverse-engineering testing and experimentation AUTH_TYPE (environment variable) authenticate( ) function authentication common vulnerabilities insufficient validation untrustworthy credentials HTTP authentication 2nd RPC servers RPCs (Remote Procedure Calls), UNIX Web-based applications authentication files, OpenSSH authorization 2nd ASP.NET common vulnerabilities Authorization header field (HTTP) automated source analysis tools, code audits, CP (candidate point) strategy automatic threat modeling automation objects, COM (Component Object Model) fuzz testing automation servers availability common vulnerabilities expectations of