S | The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities

Index

[SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Y] [Z]

sa_handler
Sacerdote, David
SAFER (Software Restriction Policies) API, Windows NT sessions, access tokens
SafeSEH
salt values
sandboxing
SAPI_POST_READER_FUNC( ) function
saved set groups (UNIX)
saved set users (UNIX)
saved set-user-IDs (UNIX)
saved-set-group-IDs (UNIX)
/sbin directory (UNIX)
scanf( ) functions
scanning
     TCP packets
Schneier, Bruce
SCM (Services Control Manager)
SCO
scoping, code review
scorecards, code audits
script URI
SCRIPT_NAME (environment variable)
scripts
     server-side scripting
     XSS (cross-site scripting)
SDLC (Systems Development Life Cycle), code audits
SEARCH method
search_orders( ) function
second order injection
second-order injection attacks
secondary groups, UNIX
securable objects, Windows NT
secure channels
Secure Programming
Secure Socket Layer/Transport Layer Security (SSL/TLS) 2nd
Secure Sockets Layer (SSL) [See SSL (Secure Sockets Layer).]
securelevels (BSD)
security
     access control
     C/C++ problems
     expectations
     OS and file system interaction
         execution
         file uploading
         null bytes
         path traversal
         programmatic SSI
     phishing and impersonation
     policies, enforcing
     SQL injection
         parameterized queries
         prepared statements
         second order injection
         stored procedures
         testing for
     threading issues
     Web environments
     XML injection
     XPath injection
     XSS (cross-site scripting)
security association (SA) payloads, ISAKMP (Internet Security Association and Key Management Protocol)
Security Association and Key Management Protocol (ISAKMP) [See ISAKMP (Internet Security Association and Key Management Protocol).]
security breaches, policy breaches, compared
security descriptors, Windows NT
     access masks
     ACL inheritance
     ACL permissions
     programming interfaces
     strings
segmentation (network)
     layer 1 (physical)
     layer 2 (data link)
     layer 3 (network)
     layer 4 (transport)
     layer 5 (session)
     layer 6 (presentation)
     layer 7 (application)
segments, TCP (Transmission Control Protocol)
SEH (structured exception handling) attacks 2nd
SelimpersonatePrivilege, IPC (interprocess communications)
semaphore sets
semaphores
     System V IPC
     Windows NT
semget( ) function
sending signals
Sendmail
     crackaddr( ) function, vunerabilities
     prescan sign extension vunerability
     return values, update vunerability
Sendmail crackaddr( ) Related Variables Vulnerability listing (7-3)
Sendmail Return Value Update Vulnerability listing (7-32)
sentinel nodes
sequence numbers, TCP (Transmission Control Protocol)
Server header field (HTTP)
Server Message Blocks (SMBs) 2nd
server-side includes (SSIs)
server-side scripting
server-side transformation
SERVER_NAME (environment variable)
SERVER_PORT (environment variable)
SERVER_PROTOCOL (environment variable)
SERVER_SOFTWARE (environment variable)
servers
     automation servers
     name servers, DNS (Domain Name System)
     pipe squatting
    Web servers
         APIs
         server-side scripting
         server-side transformation
         SSIs (server-side includes)
service image paths
service-oriented architecture (SOA)
services, Windows NT
servlets [See Java servlets.]
session credentials, redirector
session layer, network segmentation
session tokens 2nd
sessions
     HTTP 2nd
         security vulnerabilities
         session management
         session tokens
     UNIX, process sessions
     Windows NT 2nd
         access tokens 2nd
         logon rights
         SIDs (security IDs)
setegid( ) function
setenv( ) function 2nd
Setenv( ) Vulnerabilty in BSD listing (10-2)
seteuid( ) function
setgid (set-group-id), UNIX
setgid programs (UNIX)
setgid( ) function
setgroups( ) function
setjump( ) function
setregid( ) function
setresgid( ) function
setresuid( ) function
setreuid( ) function
setrlimit( ) function
SetThreadToken( ) function
settings, default settings, insecure defaults
setuid (set-user-id), UNIX
setuid programs (UNIX)
setuid root programs (UNIX)
setuid( ) function 2nd
SGML (Standard Generalized Markup Language)
shadow password files, UNIX
shared key encryption
shared libraries
shared memory blocks
shared memory segments
     synchronization
shared memory, multiple processes
sharing files, UNIX
shatter attacks, Windows messaging
SHELL environment variable (UNIX)
shell environment variables, UNIX
shell histories, UNIX
shell invocation
     ASP
     ASP.NET
     Java servlets
     Perl
     PHP 2nd
shell login scripts, UNIX
shell logout scripts, UNIX
Shell Metacharacter Injection Vulnerability listing (8-18)
shell metacharacters
shellcode 2nd
Shellcoder's Handbook, The 2nd
ShellExecute( ) function
ShellExecuteEx( ) function
shells, UNIX users
side-effects, functions
     auditing
     referentially opaque side effects
     referentially transparent side effects
SIDs (security IDs), Windows NT
siglongjump( ) function
sign bit
     arithmetic schemes
     signed integer types
Sign Extension Vulnerability Example listing (6-12)
sign extensions
     type conversions
         truncation
Sign-Extension Example listing (6-14)
Sign-Preserving Right Shift listing (6-25)
signal handler scoreboard
Signal Interruption listing (13-1)
signal marks
signal masks
Signal Race Vulnerability in WU-FTPD listing (13-2)
signal( ) function 2nd
signals
     asynchronous-safe function 2nd 3rd
     default actions
     handling
     interruptions 2nd
     jump locations
     non-returning signal handlers 2nd
     repetition
     sending
     signal handler scoreboard
     signal masks
     vunerabilities 2nd
signature payloads, ISAKMP (Internet Security Association and Key Management Protocol)
signatures, cryptographic signatures
Signed Comparison Example in PHP listing (6-23)
Signed Comparison Vulnerability Example listing (6-7)
Signed Comparison Vulnerability listing (6-21)
signed integer types, C programming language
Signed Integer Vulnerability Example listing (6-5)
signed integers
     boundaries
     conversions
         vunerabilities
     narrowing
     sign bit, arithmetic schemes
     widening
signing Active X controls
sigsetjump( ) function
SIGSTOP default action
simple binary CPs (candidate points)
simple lexical CPs (candidate points)
Simple Mail Transfer Protocol (SMTP)
Simple Nonterminating Buffer Overflow Loop listing (7-15)
Simple Object Access Protocol (SOAP)
simple type conversions, C programming language
single sign-on (SSO) system
single-threaded apartment (STA), COM (Component Object Model)
singly linked lists
site-restricted controls, Active X
size, operators, vunerabilities
Sizeof Misuse Vulnerability Example listing (6-24)
sizeof( ) function 2nd
SMB relay attacks
SMBs (Server Message Blocks) 2nd
SMTP (Simple Mail Transfer Protocol)
sniffing attacks
snort reassembly vunerability, TCP (Transmission Control Protocol)
snprintf( ) function 2nd 3rd
Snyder, Window
SOA (service-oriented architecture)
SOAP (Simple Object Access Protocol)
socketpair( ) function 2nd
soft links, UNIX files 2nd
software
     requirements
     security expectations
     specifications
     vulnerabilities 2nd
         bugs
         classifying
         data flow
         design vunerabilities
         environmental attacks
         exceptional conditions
         implementation vunerabilities
         input
         interfaces
         operational vunerabilities
         security policies
         trust relationships
software design
     abstraction
     accuracy
     algorithms
     application architecture modeling
     clarity
     decomposition
     failure handling
     loose coupling
     strong cohesion
     strong coupling exploitation
     threat modeling
         information collection
     transitive trust exploitation
     trust relationships
         chain of trust relationships
         complex trust boundaries
         defense in depth
         simple trust boundaries
Software Restriction Policies (SAFER) API [See SAFER (Software Restriction Policies) API, Windows NT sessions, access tokens.]
Solaris
Solomon, David A. 2nd
Song, Dug
source code audits, COM (Component Object Model)
source code navigators, code audits
     Code Surfer
     Cscope
     Ctags
     Source Navigator
     Understand
source code, profiling
Source Navigator
source routing
     IP (Internet Protocol)
     packets
source-only application access
SPACEJUMP method
specialization approach, application review
specifications, software
SPIKE fuzz testing tool
spoofing
     DNS (Domain Name System)
     TCP streams
         blind connection spoofing
spoofing attacks, firewalls 2nd
     close spoofing
     distant spoofing
     encapsulation
     source routing
sprintf( ) functions 2nd 3rd
SQL (Structured Query Langauge)
     queries, metacharacters
     SQL injection
         ASP 2nd
         ASP.NET
         Java servlets
         parameterized queries
         Perl
         PHP
         prepared statements
         second order injection
         stored procedures
         testing for
SQL Injection Vulnerability listing (8-20)
SQL Truncation Vulnerability listing (8-21)
SSIs (server-side includes)
SSL (Secure Sockets Layer)
SSL/TLS (Secure Socket Layer/Transport Layer Security)
SSL/TLS (Secure Sockets Layer/Transport Layer Security)
SSO (single sign-on) system
STA (single-threaded apartment), COM (Component Object Model)
stack cookies
stack overflows
stack protection, operational vulnerabilities, preventing
Stackguard, stack cookies
stacks
     ADT (abstract data type)
     EBP (extended base pointer)
     ESP (extended stack pointer)
     nonexecutable stacks
     stack protection
Standard Generalized Markup Language (SGML)
standards documentation
standards, C programming language
starvation, threads 2nd
Starzetz, Paul 2nd
stat( ) function
state mechanisms, RPCs (Remote Procedure Calls)
state processing, TCP (Transmission Control Protocol)
state tables
     spoofing
state, maintaining
     client IP addresses
     cookies
     embedding state in HTML and URLs
     HTTP authentication 2nd
     Referer request headers
     sessions 2nd
         security vulnerabilities
         session management
         session tokens
     stateful versus stateless systems
stateful firewalls
     directionality
     fragmentation
     stateful inspection firewalls
     TCP (Transport Control Protocol)
     UDP (User Datagram Protocol)
stateful inspection firewalls
     layering
stateful packet filters
stateful systems
stateless firewalls
     fragmentation
     FTP (File Transfer Protocol)
     TCP (Transmission Control Protocol)
     UDP (User Datagram Protocol)
stateless packet filters
stateless systems
statements
     break statements, omissions
     flow transfer statements, auditing
     out-of-order statements
     prepared statements
     switch statements, auditing
states, TCP connections
static content
static variables
status checks, application review
stdio file system, files
     closing
     opening
     reading
     writing to
Stevens, Ted
Stevens, W. Richard
Stickley, Jim
storage, C programming language
stored procedures
strcat( ) function
strcpy( ) functions 2nd
Strcpy( )-like Loop listing (8-3)
stream ciphers, encryption
streams (file), Windows NT
streams, TCP (Transmission Control Protocol) 2nd
     blind connection spoofing
     blind data injection attacks
     blind reset attacks
     connection fabrication
     connection tampering
     spoofing
strict black box application access
strict context handles, RPCs (Remote Procedure Calls)
strings
     bounded string functions 2nd
     character expansion
     format strings
     handling, C programming language
    pointers
         incorrect increments
         typos
     unbounded copies
     unbounded string functions
     Windows NT security descriptors
strlcat( ) function
strlcpy( ) function
strlen( ) function
strncat( ) function
strncpy( ) function 2nd
strong cohesion, software design
strong coupling, software design exploitation
strongly coupled modules
Structure Padding in a Network Protocol listing (6-32)
structure padding, C programming language
structured exception handling (SHE) attacks
structures, variables, management
Struts framework
stub resolvers (DNS)
stubs, COM (Component Object Model)
subdomains
subnet addresses
subsystem access permissions, DCOM (Distributed Component Object Model)
subsystem alnalysis, code audits
superusers, UNIX
supplemental group privileges, UNIX, dropping permanently
supplemental groups, UNIX 2nd 3rd
Swiderski, Frank
switch statements
     auditing
     C programming language
switching
symbolic links, UNIX files 2nd
SymbolicLink objects
symmetric encryption
     block ciphers
synchronization
     APCs (asynchronous procedure calls)
     deadlocks 2nd
     multithreaded programs
     process synchronization
         interprocess synchronization
         lock matching
         synchronization object scoreboard
         System V synchronization
         Windows NT synchronization
     race conditions
     reentrancy
     shared memory segments
     signals
         asynchronous-safe function 2nd 3rd
         default actions
         handling
         interruptions 2nd
         jump locations
         non-returning signal handlers 2nd
         repetition
         sending
         signal handler scoreboard
         signal masks
         vunerabilities 2nd
     starvation
    threads
         deadlocks
         PThreads API
         race conditions
         starvation
         Windows API
synchronization object scoreboard
syntax highlighting
synthesized request variables
SysInternals
syslog( ) function
system call gateways
system configuration files, UNIX
system file table, UNIX
system objects, Windows NT
system profiling
system resources, access, auditing
System V-IPC mechanisms
     process synchronization
     semaphores
     UNIX
system virtualization
system( ) function