W



Index



wait functions
waitable timer, Windows NT
Wang, Xiaoyun
Warning header field (HTTP)
waterfall models
wcsncpy( ) function
Web 2.0
Web applications
     access control
     ASP (Active Server Pages)
         configuration settings
         cross-site scripting
         file access
         file inclusion
         inline evaluation
         shell invocation
         SQL injection queries 2nd
     ASP.NET
         configuration settings
         cross-site scripting
         file access
         file inclusion
         inline evaluation
         shell invocation
         SQL injection queries
     auditing
         activities to isolate
         avoiding assumptions
         black box testing
         enumerating functionality
         goals
         multiple approaches
         reverse-engineering
         testing and experimentation
     authentication
     authorization
     business logic
     C/C++ problems
     CGI (Common Gateway Interface) 2nd
         environment variables
         indexed queries
     client control
     client visibility
     dynamic content
     encryption
     HTML (Hypertext Markup Language)
     HTTP (Hypertext Transport Protocol)
         authentication 2nd
         cookies
         embedded path information
         forms
         headers
         methods 2nd
         overview of
         parameter encoding
         query strings
         requests
         responses
         sessions 2nd
         state maintenance
         versions
     IDC (Internet Database Connection)
     Java servlets
         configuration settings
         cross-site scripting
         file access
         file inclusion
         inline evaluation
         JSP file inclusion
         shell invocation
         SQL injection queries
         threading
         Web server APIs versus
     N-tier architectures 2nd
         business tier
         client tier
         data tier
         MVC (Model-View-Controller)
         Web tier 2nd
     OS and file system interaction
         execution
         file uploading
         null bytes
         path traversal
         programmatic SSI
     overview of
     page flow
     parameters, transmitting
         embedded path information
         forms
         GET method 2nd
         parameter encoding
         POST method
         query strings
     Perl
         cross-site scripting
         file access
         file inclusion
         inline evaluation
         shell invocation
         SQL injection queries
         taint mode
     phishing and impersonation
     PHP (PHP Hypertext Preprocessor)
         configuration settings
         cross-site scripting
         file access
         file inclusion
         inline evaluation
         shell invocation 2nd
         SQL injection queries
     presentation logic
     redundancy
     security environment
     server-side scripting
     sessions
         security vulnerabilities
         session management
         session tokens
     SQL injection
         parameterized queries
         prepared statements
         second order injection
         stored procedures
         testing for
     SSIs (server-side includes)
     static content
     Struts framework
     threading issues
     URIs (Uniform Resource Identifiers)
     Web server APIs
     XML injection
     XPath injection
     XSLT (Extensible Stylesheet Language Transformation)
     XSS (cross-site scripting)
Web Distributed Authoring and Versioning (WebDAV) methods
Web server APIs, Java servlets versus
Web servers
     APIs
     directory indexing
     server-side scripting
     server-side transformation
     SSIs (server-side includes)
Web Services
     AJAX (Asynchronous JavaScript and XML)
     REST (Representational State Transfer)
     SOAP (Simple Object Access Protocol)
Web Services Description Language (WSDL)
Web tier (Web applications) 2nd
Web-specific vulnerabilities, applications
     authentication
     default site installations
     directory indexing
     file handlers
     HTTP request methods
     overly verbose error messages
     public-facing administrative interfaces
web.config file, ASP.NET
WebDAV (Web Distributed Authoring and Versioning) methods
Weil, Alejandro David
WEP (Wired Equivalent Privacy)
white-list filters, metacharacters
Whitehead, Alfred North
Wi-Fi Protected Access (WPA)
WideCharToMultiByte( ) function 2nd
width, integer types 2nd
Wilson, Daniel H.
window scale option, TCP (Transmission Control Protocol) processing
window station, IPC (interprocess communications)
Windows functions, Unicode
Windows Internals, 4th Edition
Windows messaging, IPC (interprocess communications)
     DDE (Dynamic Data Exchange)
     desktop object
     shatter attacks
     window station
     WTS (Windows Terminal Services)
Windows NT 2nd
     COM (Component Object Model)
         Active X security
         application IDs
         automation objects 2nd
         CLSID mapping
         components
         DCOM Configuration utility
         interfaces
         OLE (Object Linking and Embedding)
         proxies
         stubs
         threading
         type libraries
     DCOM (Distributed Component Object Model)
         access controls
         application audits
         application identity
         application registration
         ATL (Active Template Library)
         DCOM Configuration utility
         impersonation
         interface audits
         MIDL (Microsoft Interface Definition Language)
         subsystem access permissions
     development of
     event objects
     file access
         canonicalization
         case sensitivity
         device files
         DOS 8.3 filenames
         extraneous filename characters
         File I/O API
         file open audits
         file squatting
         file streams
         file types
         links
         permissions
     IPC (interprocess communications)
         COM (Component Object Model)
         DDE (Dynamic Data Exchange)
         desktop object
         impersonation
         mailslots
         messaging
         pipes
         redirector
         RPCs (Remote Procedure Calls)
         security
         shatter attacks
         window station
         WTS (Windows Terminal Services)
     KOM (Kernel Object Manager)
     multithreaded programs, synchronicity
     mutex objects
     namespaces
     objects
         boundary descriptor objects
         handles
         namespaces
         nonsecurable objects
         SymbolicLink objects
         system objects
     origins of
     pipes
         anonymous pipes
         creating
         impersonation
         named pipes
         permissions
         pipe squatting
     POSIX subsystem, signals, handling
     processes
         DLL loading
         loading
         process synchronization
         services
         ShellExecute( ) function
         ShellExecuteEx( ) function
     registry
         key permissions
         key squatting
         predefined keys
         value squatting
     RPCs (Remote Procedure Calls)
         ACFs (application configuration files)
         application audits
         connections
         context handles
         DCE (Distributed Computing Environment) RPCs
         IDL file structure
         impersonation
         MIDL (Microsoft Interface Definition Language)
         ONC (Open Network Computing) RPCs
         proprietary state mechanisms
         RPC servers
         threading
         transports
     security descriptors
         access masks
         ACL inheritance
         ACL permissions
         programming interfaces
         strings
     semaphores
     sessions
         access tokens 2nd
         logon rights
         SIDs (security IDs)
     threads
     waitable timer
Windows registry, path metacharacters
Windows System Programming
WinObj
Wired Equivalent Privacy (WEP)
Wojtczuk, Rafal
working directories, UNIX
working papers, application review
WPA (Wi-Fi Protected Access)
Writing Secure Code, 2nd Edition 2nd 3rd
writing to files, stdio file system
WSDL (Web Services Description Language)
_wsprintfW( ) function
WTS (Windows Terminal Services), Windows messaging
WWW-Authenticate header field (HTTP)
WWW-Link header field (HTTP)
WWW-Title header field (HTTP)




The Art of Software Security Assessment. Identifying and Preventing Software Vulnerabilities
ISBN: 0321444426
EAN: 2147483647
Year: 2004
Pages: 194
