Index

DACL (discretionary access control list)
daemons, UNIX
Dangerous Data Type Use listing (7-41)
Dangerous Use of IsDBCSLeadByte( ) listing (8-30)
Dangerous Use of strncpy( ) listing (8-2)
data assumptions, ACC logs
data buffers, OpenSSH, vulnerabilities
data flow diagrams (DFDs)
data flow, vulnerabilities
data hiding
data integrity: cryptographic signature; hash functions; originator validation; salt values
data link layer, network segmentation
data ranges, lists 2nd
data storage, C programming language
data tier (Web applications)
Data Truncation Vulnerability 2 listing (8-12)
Data Truncation Vulnerability listing (8-11)
data types, application protocols, matching
data verification, application protocols
data-flow sensitive code navigation
data_xfer( ) function
datagrams, IP datagrams
Date header field (HTTP)
DCE (Distributed Computing Environment) RPCs 2nd
DCOM (Distributed Component Object Model) 2nd 3rd: access controls; Active X security; application audits; application identity; application registration; ATL (Active Template Library); automation objects, fuzz testing; DCOM Configuration utility; impersonation; interface audits; MIDL (Microsoft Interface Definition Language); subsystem access permissions
DCOM Configuration utility
DDE (Dynamic Data Exchange): Windows messaging
DDE Management Library (DDEML) API
de Weger, Benne
deadlocks: concurrent programming 2nd; threading
debuggers, code auditing
DecodePointer( ) function
DecodeSystemPointer( ) function
Decoding Incorrect Byte Values listing (8-28)
decoding routines, RPCs (Remote Procedure Calls), UNIX
decoding, Unicode
decomposition, software design
default argument promotions 2nd
default settings, insecure defaults
default site installations, Web-based applications
Default Switch Case Omission Vulnerability listing (7-24)
default type conversions
defense in depth
definition files, RPCs (Remote Procedure Calls), UNIX
DELETE method
delete payloads, ISAKMP (Internet Security Association and Key Management Protocol)
delete_session( ) function
"Delivering Signals for Fun and Profit"
demilitarized zones (DMZs)
denial-of-service (DoS) attacks [See DoS (denial-of-service) attacks.]
dependency analysis, code audits
DER (Distinguished Encoding Rules), ASN.1 (Abstract Syntax Notation)
Derived-From header field (HTTP)
descriptors, UNIX files
design: SDLC (Systems Development Life Cycle); software: abstraction, accuracy, algorithms, clarity, decomposition, failure handling, loose coupling, strong cohesion, strong coupling; exploitation; threat modeling; transitive trust exploitation; trust relationships; vulnerabilities
design conformity checks, DG (design generalization) strategy
desk checking, code audits
desktop object, IPC (interprocess communications)
Detect_attack Small Packet Algorithm in SSH listing (6-18)
Detect_attack Truncation Vulnerability in SSH listing (6-19)
developer documentation, reviewing
developers, interviewing
development protective measures, operational vulnerabilities: ASLR (address space layout randomization); heap protection; nonexecutable stacks; registered function pointers; stack protection; VMs (virtual machines)
device files: UNIX; Windows NT
DeviceIoControl( ) function
DFDs (data flow diagrams)
DG (design generalization) strategies, code audits 2nd: design conformity check; hypothesis testing; system models
Different Behavior of vsnprintf( ) on Windows and UNIX listing (8-1)
Digital Encryption Standard (DES) encryption
Digital Equipment Corporation (DEC) Virtual Memory System (VMS)
delimiters: embedded delimiters, metacharacters; extraneous delimiters
direct program invocation, UNIX
directionality, stateful firewalls
directories, UNIX 2nd: creating entries; Filesystem Hierarchy Standard; mount points; parent directories; permissions; public directories; race conditions; root directories; safety; working directories
directory cleaners, UNIX: temporary files
directory indexing, Web servers
Directory Traversal Vulnerability listing (8-15)
discretionary access control list (DACL)
Distributed Component Object Model (DCOM) [See DCOM (Distributed Component Object Model).]
Division Vulnerability Example listing (6-27)
DllGetClassObject( ) function
DLLs (dynamic link libraries): loading; redirection
dlopen( ) function
DMZs (demilitarized zones)
DNS (Domain Name System) 2nd: headers; length variables 2nd 3rd; name servers; names; packets; question structure; request traffic; resource records 2nd, conventions; spoofing; zones
do_cleanup( ) function
do_ip( ) function
do_mremap( ) function
documentation: application protocols, collecting; threat modeling
documentation phase, code review 2nd: findings summary
domain name caches
Domain Name System (DNS) [See DNS (Domain Name System).]
domain names
domain sockets, UNIX 2nd
domains: error domains
DoS (denial-of-service) attacks: name validation
DOS 8.3 filenames
Double-Free Vulnerability in OpenSSL listing (7-46)
Double-Free Vulnerability listing (7-45)
double-frees, auditing
doubly linked lists
Dowd, Mark 2nd
Dragomirescu, Razvan
DREAD risk ratings
Dubee, Nicholas
duplicate elements, lists
dynamic content
Dynamic Data Exchange (DDE) [See DDE (Dynamic Data Exchange).]
dynamic link libraries (DLLs) [See DLLs (dynamic link libraries).]