T



Index



tables, auditing 2nd
taint mode, Perl
tampering TCP connections
TCP (Transmission Control Protocol) 2nd
     connections 2nd
         closing
         establishing
         flags
         resetting
         states
     header validation
     headers
     options, processing
     processing
         sequence number boundary condition
         sequence number representation
         state processing
         URG pointer processing
         window scale option
     segments
     stateful firewalls
     stateless firewalls
     streams 2nd
         blind connection spoofing
         blind data injection attacks
         blind reset attacks
         connection fabrication
         connection tampering
         spoofing
TCP/IP
TCP/IP Illustrated, Volume 1 2nd
TE header field (HTTP)
teardrop vulnerability, Linux
tempnam( ) function
temporary files, UNIX
     directory cleaners
     file reuse
     unique creation
terminal devices
terminal emulation software
terminals, UNIX, process terminals
TerminateThread( ) function
terminating conditions, loops
termination, UNIX processes
test cases, code audits
     constraint establishment
     extraneous input thinning
     multiple inputs
     unconstrained data types
testing
     black box testing
     for SQL injection
     SDLC (Systems Development Life Cycle)
     Web applications
text
     character sets
     metacharacters 2nd
         embedded delimiters
         filtering
         format strings
         formats
         NUL-byte injection
         path metacharacters
         Perl open( ) function
         shell metacharacters
         SQL queries
         truncation
     Unicode
         character equivalence
         code page assumptions
         decoding
         homographic attacks
         NUL-termination
         UTF-16 encoding
         UTF-8 encoding
         Windows functions
text strings
     bounded string functions 2nd
     character expansion
     format strings
     handling, C programming language
     pointers, incorrect increments
     typos
     unbounded copies
     unbounded string functions
text-based protocols, data types, matching
Text-Processing Error in Apache mod_mime listing (8-7)
TEXTSEARCH method
tgetent( ) function
third-party evaluations
third-party preliminary evaluations
third-party product range comparisons
Thompson, Hunter S. 2nd
Thompson, Ken
threading
     Active X
     COM (Component Object Model)
     Java servlets
     RPCs (Remote Procedure Calls)
threads
     multithreaded programs, synchronicity
     starvation
     synchronicity
         deadlocks
         PThreads API
         race conditions
         starvation
         Windows API
     Windows NT
threat identification
threat mitigation
Threat Modeling
threat modeling
     application architecture modeling
     automatic threat modeling
     code audits, DG (design generalization) strategy
     findings, documenting
     information collection
     threat identification
three-way handshakes, TCP connections
Thumann, Michael
time( ) functions
tmpfile( ) function
tmpnam( ) function
TOCTOU (time to check to time of use)
     junction points
     UNIX file system
tokens
     creating, password requirements
     session tokens 2nd
tools
     code audits
         binary navigation tools
         debuggers
         fuzz testing tools
         OpenSSH case study
         source code navigators
     UNIX
top-down approach, application review
top-down progression
toupper( ) function
TRACE method
tracing
     black box hits
     code
     malicious input
Trailer header field (HTTP)
Transfer-Encoding header field (HTTP)
transform payloads, ISAKMP (Internet Security Association and Key Management Protocol)
transformations, XSLT (Extensible Stylesheet Language Transformation)
transitive trusts, exploiting
Transmission Control Protocol (TCP)
transport layer, network segmentation
transports, RPCs (Remote Procedure Calls)
truncation
     file paths
     integer types
     metacharacters
     NFS
     sign extensions
Truncation Vulnerability Example in NFS listing (6-16)
Truncation Vulnerability Example listing (6-17)
trust boundaries
     complex trust boundaries
     simple trust boundaries
trust domains
trust models
trust relationships
     software design
         chain of trust relationships
         complex trust boundaries
         defense in depth
         simple trust boundaries
     vulnerabilities
trusted authorities
trusts, transitive trusts, exploiting
try_lib( ) function
Twos Complement Representation of -15 listing (6-1)
type coercions [See type conversions, C programming language.]
type confusion 2nd
Type Confusion listing (7-11)
type conversions, C programming language
     assignment operators
     comparisons
     conversion rules
     default type conversions
     explicit type conversions
     floating point types
     function prototypes
     implicit type conversions
     integer promotions
     narrowing
     sign extensions
     simple conversions
     typecasts
     usual arithmetic conversions
     value preservation
     vulnerabilities
     widening
type libraries, COM (Component Object Model) 2nd
typecasts, C programming language
types, C programming language
typos
     C programming language
     loops
     text strings




The Art of Software Security Assessment. Identifying and Preventing Software Vulnerabilities
ISBN: 0321444426
EAN: 2147483647
Year: 2004
Pages: 194
