Index

tables, auditing
taint mode, Perl
tampering, TCP connections
TCP (Transmission Control Protocol)
    connections
        closing
        establishing
        flags
        resetting
        states
    header validation
    headers
        options, processing
        processing
        sequence number boundary condition
        sequence number representation
        state processing
        URG pointer processing
        window scale option
    segments
    stateful firewalls
    stateless firewalls
    streams
        blind connection spoofing
        blind data injection attacks
        blind reset attacks
        connection fabrication
        connection tampering
        spoofing
TCP/IP
TCP/IP Illustrated, Volume 1
TE header field (HTTP)
teardrop vulnerability, Linux
tempnam() function
temporary files, UNIX
    directory cleaners
    file reuse
    unique creation
terminal devices
terminal emulation software
terminals, UNIX, process terminals
TerminateThread() function
terminating conditions, loops
termination, UNIX processes
test cases, code audits
    constraint establishment
    extraneous input thinning
    multiple inputs
    unconstrained data types
testing
    black box testing
    for SQL injection
    SDLC (Systems Development Life Cycle)
    Web applications
text
    character sets
    metacharacters
        embedded delimiters
        filtering
        format strings
        formats
        NUL-byte injection
        path metacharacters
        Perl open() function
        shell metacharacters
        SQL queries
        truncation
    Unicode
        character equivalence
        code page assumptions
        decoding
        homographic attacks
        NUL-termination
        UTF-16 encoding
        UTF-8 encoding
        Windows functions
text strings
    bounded string functions
    character expansion
    format strings
    handling, C programming language
    pointers, incorrect increments
    typos
    unbounded copies
    unbounded string functions
text-based protocols, data types, matching
Text-Processing Error in Apache mod_mime listing (8-7)
TEXTSEARCH method
tgetent() function
third-party evaluations
third-party preliminary evaluations
third-party product range comparisons
Thompson, Hunter S.
Thompson, Ken
threading
    ActiveX
    COM (Component Object Model)
    Java servlets
    RPCs (Remote Procedure Calls)
threads
    multithreaded programs, synchronicity
    starvation
    synchronicity
        deadlocks
        PThreads API
        race conditions
        starvation
        Windows API
    Windows NT
threat identification
threat mitigation
Threat Modeling
threat modeling
    application architecture modeling
    automatic threat modeling
    code audits, DG (design generalization) strategy
    findings, documenting
    information collection
    threat identification
three-way handshakes, TCP connections
Thumann, Michael
time() functions
tmpfile() function
tmpnam() function
TOCTOU (time of check to time of use)
    junction points
    UNIX file system
tokens
    creating, password requirements
    session tokens
tools
    code audits
        binary navigation tools
        debuggers
        fuzz testing tools
        OpenSSH case study
        source code navigators
    UNIX
top-down approach, application review
top-down progression
toupper() function
TRACE method
tracing
    black box hits
    code
    malicious input
Trailer header field (HTTP)
Transfer-Encoding header field (HTTP)
transform payloads, ISAKMP (Internet Security Association and Key Management Protocol)
transformations, XSLT (Extensible Stylesheet Language Transformation)
transitive trusts, exploiting
Transmission Control Protocol (TCP)
transport layer, network segmentation
transports, RPCs (Remote Procedure Calls)
truncation
    file paths
    integer types
    metacharacters
    NFS
    sign extensions
Truncation Vulnerability Example in NFS listing (6-16)
Truncation Vulnerability Example listing (6-17)
trust boundaries
    complex trust boundaries
    simple trust boundaries
trust domains
trust models
trust relationships
    software design
        chain of trust relationships
        complex trust boundaries
        defense in depth
        simple trust boundaries
        vulnerabilities
trusted authorities
trusts, transitive trusts, exploiting
try_lib() function
Twos Complement Representation of -15 listing (6-1)
type coercions [See type conversions, C programming language.]
type confusion
Type Confusion listing (7-11)
type conversions, C programming language
    assignment operators
    comparisons
    conversion rules
    default type conversions
    explicit type conversions
    floating point types
    function prototypes
    implicit type conversions
    integer promotions
    narrowing
    sign extensions
    simple conversions
    typecasts
    usual arithmetic conversions
    value preservation
    vulnerabilities
    widening
type libraries, COM (Component Object Model)
typecasts, C programming language
types, C programming language
typos
    C programming language
    loops
    text strings