Copyright
About the Authors
Preface
Acknowledgments

Part I: Introduction to Software Security Assessment

Chapter 1. Software Vulnerability Fundamentals
    Introduction
    Vulnerabilities
    The Necessity of Auditing
    Classifying Vulnerabilities
    Common Threads
    Summary

Chapter 2. Design Review
    Introduction
    Software Design Fundamentals
    Enforcing Security Policy
    Threat Modeling
    Summary

Chapter 3. Operational Review
    Introduction
    Exposure
    Web-Specific Considerations
    Protective Measures
    Summary

Chapter 4. Application Review Process
    Introduction
    Overview of the Application Review Process
    Preassessment
    Application Review
    Documentation and Analysis
    Reporting and Remediation Support
    Code Navigation
    Code-Auditing Strategies
    Code-Auditing Tactics
    Code Auditor's Toolbox
    Case Study: OpenSSH
    Summary

Part II: Software Vulnerabilities

Chapter 5. Memory Corruption
    Introduction
    Buffer Overflows
    Shellcode
    Protection Mechanisms
    Assessing Memory Corruption Impact
    Summary

Chapter 6. C Language Issues
    Introduction
    C Language Background
    Data Storage Overview
    Arithmetic Boundary Conditions
    Type Conversions
    Type Conversion Vulnerabilities
    Operators
    Pointer Arithmetic
    Other C Nuances
    Summary

Chapter 7. Program Building Blocks
    Introduction
    Auditing Variable Use
    Auditing Control Flow
    Auditing Functions
    Auditing Memory Management
    Summary

Chapter 8. Strings and Metacharacters
    Introduction
    C String Handling
    Metacharacters
    Common Metacharacter Formats
    Metacharacter Filtering
    Character Sets and Unicode
    Summary

Chapter 9. UNIX I: Privileges and Files
    Introduction
    UNIX 101
    Privilege Model
    Privilege Vulnerabilities
    File Security
    File Internals
    Links
    Race Conditions
    Temporary Files
    The Stdio File Interface
    Summary

Chapter 10. UNIX II: Processes
    Introduction
    Processes
    Program Invocation
    Process Attributes
    Interprocess Communication
    Remote Procedure Calls
    Summary

Chapter 11. Windows I: Objects and the File System
    Introduction
    Background
    Objects
    Sessions
    Security Descriptors
    Processes and Threads
    File Access
    The Registry
    Summary

Chapter 12. Windows II: Interprocess Communication
    Introduction
    Windows IPC Security
    Window Messaging
    Pipes
    Mailslots
    Remote Procedure Calls
    COM
    Summary

Chapter 13. Synchronization and State
    Introduction
    Synchronization Problems
    Process Synchronization
    Signals
    Threads
    Summary

Part III: Software Vulnerabilities in Practice

Chapter 14. Network Protocols
    Introduction
    Internet Protocol
    User Datagram Protocol
    Transmission Control Protocol
    Summary

Chapter 15. Firewalls
    Introduction
    Overview of Firewalls
    Stateless Firewalls
    Simple Stateful Firewalls
    Stateful Inspection Firewalls
    Spoofing Attacks
    Summary

Chapter 16. Network Application Protocols
    Introduction
    Auditing Application Protocols
    Hypertext Transfer Protocol
    Internet Security Association and Key Management Protocol
    Abstract Syntax Notation (ASN.1)
    Domain Name System
    Summary

Chapter 17. Web Applications
    Introduction
    Web Technology Overview
    HTTP
    State and HTTP Authentication
    Architecture
    Problem Areas
    Common Vulnerabilities
    Harsh Realities of the Web
    Auditing Strategy
    Summary

Chapter 18. Web Technologies
    Introduction
    Web Services and Service-Oriented Architecture
    Web Application Platforms
    CGI
    Perl
    PHP
    Java
    ASP
    ASP.NET
    Summary

Bibliography
Index