Index

D

DACL (discretionary access control list)
daemons, UNIX
Dangerous Data Type Use listing (7-41)
Dangerous Use of IsDBCSLeadByte( ) listing (8-30)
Dangerous Use of strncpy( ) listing (8-2)
data assumptions, ACC logs
data buffers, OpenSSH, vulnerabilities
data flow diagrams (DFDs)
data flow, vulnerabilities
data hiding
data integrity
     cryptographic signature
     hash functions
     originator validation
     salt values
data link layer, network segmentation
data ranges, lists 2nd
data storage, C programming language
data tier (Web applications)
Data Truncation Vulnerability 2 listing (8-12)
Data Truncation Vulnerability listing (8-11)
data types, application protocols, matching
data verification, application protocols
data-flow sensitive code navigation
data_xfer( ) function
datagrams, IP datagrams
Date header field (HTTP)
DCE (Distributed Computing Environment) RPCs 2nd
DCOM (Distributed Component Object Model) 2nd 3rd
     access controls
     Active X security
     application audits
     application identity
     application registration
     ATL (Active Template Library)
     automation objects, fuzz testing
     DCOM Configuration utility
     impersonation
     interface audits
     MIDL (Microsoft Interface Definition Language)
     subsystem access permissions
DCOM Configuration utility
DDE (Dynamic Data Exchange)
     Windows messaging
DDE Management Library (DDEML) API
de Weger, Benne
deadlocks
     concurrent programming 2nd
     threading
debuggers, code auditing
DecodePointer( ) function
DecodeSystemPointer( ) function
Decoding Incorrect Byte Values listing (8-28)
decoding routines, RPCs (Remote Procedure Calls), UNIX
decoding, Unicode
decomposition, software design
default argument promotions 2nd
default settings, insecure defaults
default site installations, Web-based applications
Default Switch Case Omission Vulnerability listing (7-24)
default type conversions
defense in depth
definition files, RPCs (Remote Procedure Calls), UNIX
DELETE method
delete payloads, ISAKMP (Internet Security Association and Key Management Protocol)
delete_session( ) function
Delivering Signals for Fun and Profit
demilitarized zones (DMZs)
denial-of-service (DoS) attacks [See DoS (denial-of-service) attacks.]
dependency analysis, code audits
DER (Distinguished Encoding Rules), ASN.1 (Abstract Syntax Notation)
Derived-From header field (HTTP)
descriptors, UNIX files
design
     SDLC (Systems Development Life Cycle)
     software
         abstraction
         accuracy
         algorithms
         clarity
         decomposition
         failure handling
         loose coupling
         strong cohesion
         strong coupling exploitation
         threat modeling
         transitive trust exploitation
         trust relationships
         vulnerabilities
design conformity checks, DG (design generalization) strategy
desk checking, code audits
desktop object, IPC (interprocess communications)
Detect_attack Small Packet Algorithm in SSH listing (6-18)
Detect_attack Truncation Vulnerability in SSH listing (6-19)
developer documentation, reviewing
developers, interviewing
development protective measures, operational vulnerabilities
     ASLR (address space layout randomization)
     heap protection
     nonexecutable stacks
     registered function pointers
     stack protection
     VMs (virtual machines)
device files
     UNIX
     Windows NT
DeviceIoControl( ) function
DFDs (data flow diagrams)
DG (design generalization) strategies, code audits 2nd
     design conformity check
     hypothesis testing
     system models
Different Behavior of vsnprintf( ) on Windows and UNIX listing (8-1)
Digital Encryption Standard (DES) encryption
Digital Equipment Corporation (DEC) Virtual Memory System (VMS)
delimiters
     embedded delimiters, metacharacters
     extraneous delimiters
direct program invocation, UNIX
directionality, stateful firewalls
directories, UNIX 2nd
     creating
     entries
     Filesystem Hierarchy Standard
     mount points
     parent directories
     permissions
     public directories
     race conditions
     root directories
     safety
     working directories
directory cleaners, UNIX temporary files
directory indexing, Web servers
Directory Traversal Vulnerability listing (8-15)
discretionary access control list (DACL)
Distributed Component Object Model (DCOM) [See DCOM (Distributed Component Object Model).]
Division Vulnerability Example listing (6-27)
DllGetClassObject( ) function
DLLs (dynamic link libraries)
     loading
     redirection
dlopen( ) function
DMZs (demilitarized zones)
DNS (Domain Name System) 2nd
     headers
     length variables 2nd 3rd
     name servers
     names
     packets
     question structure
     request traffic
     resource records 2nd
         conventions
     spoofing
     zones
do_cleanup( ) function
do_ip( ) function
do_mremap( ) function
documentation
     application protocols, collecting
     threat modeling
documentation phase, code review 2nd
     findings summary
domain name caches
Domain Name System (DNS) [See DNS (Domain Name System).]
domain names
domain sockets, UNIX 2nd
domains
     error domains
DoS (denial-of-service) attacks
     name validation
DOS 8.3 filenames
Double-Free Vulnerability in OpenSSL listing (7-46)
Double-Free Vulnerability listing (7-45)
double-frees, auditing
doubly linked lists
Dowd, Mark 2nd
Dragomirescu, Razvan
DREAD risk ratings
Dubee, Nicholas
duplicate elements, lists
dynamic content
Dynamic Data Exchange (DDE) [See DDE (Dynamic Data Exchange).]
dynamic link libraries (DLLs) [See DLLs (dynamic link libraries).]
The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities
ISBN: 0321444426
Year: 2004
Pages: 194