I



Index



IDA Pro binary navigation tool
IDC (Internet Database Connection)
identification payloads, ISAKMP (Internet Security Association and Key Management Protocol)
idioms, UNIX privileges, misuse of
IDL files, RPCs (Remote Procedure Calls)
IDs, files, UNIX
IDSs (intrusion detection systems)
     host-based IDSs (intrusion detection systems)
If Header Processing Vulnerability in Apache's mod_dav Module listing (8-6)
If-Match header field (HTTP)
If-Modified-Since header field (HTTP)
If-None-Match header field (HTTP)
If-Range header field (HTTP)
If-Unmodified-Since header field (HTTP)
Ignoring realloc( ) Return Value listing (7-25)
Ignoring Return Values listing (7-28)
ImpersonateNamedPipe( ) function
impersonation
     DCOM (Distributed Component Object Model)
     IPC (interprocess communications)
         levels
         SeImpersonatePrivilege
     RPCs (Remote Procedure Calls)
     Windows NT sessions, access tokens
implementation
     SDLC (Systems Development Life Cycle)
     vulnerabilities
implementation analysis, OpenSSH, code auditing
implementation defined behavior, C programming language
implicit type conversions
import function tables
imports, Windows binary layout
in-band representation, metadata
in-house software audits
.inc files
     ASP
     PHP
include( ) method, Java servlets
Incorrect Temporary Privilege Relinquishment in FreeBSD Inetd listing (9-2)
independent research
indexed queries 2nd
Indirect Memory Corruption listing (5-5)
indirect program invocation, UNIX
information collection
     application review
     threat modeling
inheritance
     ACLs (access control lists), Windows NT
     Windows NT object handles
initgroups( ) function
initialization vector (IV)
initialization, variables, auditing
initialize_ipc( ) function
initJobThreads( ) function
inline evaluation
     ASP
     ASP.NET
     Java servlets
     Perl
     PHP
inodes (information nodes), UNIX files
input
     extraneous input thinning
     malicious input, tracing
     treating as hostile
     vulnerabilities
input_userauth_info_response( ) function
insecure defaults
insufficient validation, authentication
integer conversion rank
integer overflow
Integer Overflow Example listing (6-2)
Integer Overflow with 0Byte Allocation Check listing (7-37)
Integer Sign Boundary Vulnerability Example in OpenSSL 0.9.6l listing (6-6)
integer types, C programming language
integer underflow 2nd
integers
     promotions
     signed integers
         boundaries
         vulnerabilities
     type conversions
         narrowing
         sign extensions
         value preservation
         widening
     unsigned integers
         boundaries 2nd
         numeric overflow
         numeric underflow
         vulnerabilities
integration, SDLC (Systems Development Life Cycle)
integrity
     auditing, importance of 2nd
     common vulnerabilities
     cryptographic signatures
     expectations of
     hash functions
     originator validation
     salt values
Intel architectures
     carry flags (CFs)
     multiplication overflows 2nd
interface proxies, COM (Component Object Model)
interfaces
     COM (Component Object Model) applications
         auditing
     network interfaces
     RPC servers, registering
     vulnerabilities
internal flow analysis, code auditing
internal trusted sources, spoofing attacks, firewalls
Internet Database Connection (IDC)
Internet Server Application Programming Interface (ISAPI)
interprocess communication, UNIX
interprocess communications (IPC) [See IPC (interprocess communications), Windows NT.]
interprocess synchronization, vulnerabilities
interruptions, signals 2nd
interviewing developers
intrusion prevention systems (IPSs) [See IPSs (intrusion prevention systems).]
INVALID_HANDLE_VALUE, NULL, compared
invocation
     DCOM objects
     UNIX programs
         direct invocation
         indirect invocation
IP (Internet Protocol)
     addresses
         maintaining state with
     addressing
     checksum
     fragmentation
         overlapping fragments
         pathological fragment sets
         processing
     header validation
     IP packets
     options
     source routing
     subnet
IPC (interprocess communications), Windows NT
     COM (Component Object Model)
     DDE (Dynamic Data Exchange)
     desktop object
     impersonation
     mailslots
     messaging
     pipes
     redirector
     RPCs (Remote Procedure Calls)
     security
     shatter attacks
     window station
     WTS (Windows Terminal Services)
IPSs (intrusion prevention systems)
     host-based IPSs (intrusion prevention systems)
IRIX
ISAKMP (Internet Security Association and Key Management Protocol)
     encryption vulnerabilities
     headers
     payloads
         certificate payloads
         certificate request payloads
         delete payloads
         hash payloads
         identification payloads
         key exchange payloads 2nd
         nonce payloads
         notification payloads
         proposal payloads
         SA (security association) payloads
         signature payloads
         transform payloads
         vendor ID payloads
ISAPI (Internet Server Application Programming Interface)
ISAPI filters
IsDBCSLeadByte( ) function
iterative process, application review




The Art of Software Security Assessment. Identifying and Preventing Software Vulnerabilities
ISBN: 0321444426
EAN: 2147483647
Year: 2004
Pages: 194
