
Index



Taint analysis
Taxonomy of coding errors
     19 Deadly Sins ... 2nd
     attack classes
     hierarchy of
     "OWASP Top Ten ... Vulnerabilities," 2nd
     PLOVER (Preliminary List of Vulnerability Examples for Researchers)
     versus taxonomy of attack patterns
Taxonomy of coding errors, kingdoms
     API Abuse
         description
         example
         phyla
     Code Quality 2nd
         description
         example
         phyla
     definition
     Encapsulation 2nd
         description
         example
         phyla
     Environment 2nd
         description
         example
         phyla
     Error Handling 2nd
         description
         example
         phyla
     Input Validation and Representation 2nd
         description
         example
         phyla
     mapped to "OWASP Top Ten ... Vulnerabilities,"
     mapped to 19 Deadly Sins ...
     Security Features 2nd
         description
         example
         phyla
     summary list of
     Time and State 2nd
         description
         example
         phyla
Taxonomy of coding errors, phyla
     API Abuse Kingdom
     ASP.NET Misconfiguration
     Authentication 2nd
     Buffer Overflow
     Catch NullPointerException
     Code Quality Kingdom
     Command Injection
     Comparing Classes by Name
     Creating Debug Binary
     Cross-Site Scripting
     Dangerous Functions
     Data Leaking Between Users
     Deadlock
     definition
     Directory Restriction
     Double Free
     Duplicate Validation Forms
     Empty Catch Block
     Empty Password in Configuration File
     encapsulation kingdom
     Environment kingdom
     Erroneous validate() Method
     Error Handling kingdom
     Exception Handling
     Failure to Begin a New Session ...
     File Access Race Condition
     Form Field Without Validator
     Format String
     getConnection() method
     Hard-Coded Passwords
     Heap Inspection
     HTTP Response Splitting
     Illegal Pointer Value
     Inconsistent Implementations
     Input Validation And Representation kingdom
     Insecure Compiler Optimization
     Insecure Randomness
     Insecure Temporary File
     Integer Overflow
     J2EE Bad Practices 2nd
     J2EE Misconfiguration
     Least Privilege Violation
     Leftover Debug Code
     Log Forging
     Memory Leaks
     Missing Access Control
     Missing Custom Error Handler
     Missing Error Handling
     Mobile Code
     need for additional
     Non-Final Public Field
     Null Dereference
     Object Hijack
     Obsolete
     Often Misused 2nd
     Overly Broad Catch Block
     Overly Broad Throws Declaration
     Password in Configuration File 2nd
     Password Management
     Path Manipulation
     Path Traversal
     Privacy Violation
     Private Array-Type Field ...
     Privilege Management
     Process Control
     Public Data Assigned ...
     Race Condition
     Resource Injection
     Security Features kingdom
     Setting Manipulation
     Signal Handling Race Conditions
     Sockets
     SQL Injection
     String Manipulation
     String Termination Error
     Struts
     System Information Leak
     System.exit()
     Threads
     Time And State kingdom
     TOCTOU (time-of-check-time-of-use)
     Trust Boundary Violation
     Unchecked Return Value 2nd
     Undefined Behavior
     Uninitialized Variable
     Unreleased Resource
     Unsafe Bean Declaration
     Unsafe JNI
     Unsafe Reflection
     Unused Validation Form
     Unvalidated Action Form
     Use After Free
     Use Of Inner Class
     Validation Class Not Extended
     Validator Turned Off
     Validator Without Form Field
     Weak Access Permissions
     Weak Cryptography
     XML Validation
Taxonomy of vulnerabilities
Teams. [See Security professionals.]
Tent example
"Test-driven" design
Testing. [See Penetration testing; Risk-based security testing.]
Think like a bad guy. [See Black hat activities.]
Threads phylum
Threat modeling versus risk analysis
Threats, architectural risk analysis
Three pillars. [See Pillars of software security.]
Time and State vulnerability kingdom 2nd
Time as essential issue
Timing, risk-based security testing
TOCTOU (time-of-check-time-of-use) 2nd 3rd
Tools
     characteristics of
     code review. [See Code review, tools.]
     commercial vendors. [See Commercial source code analysis tool vendors.]
     Nessus
     penetration testing
         APISPY32
         breakpoint setters
         CANVAS
         Cenzic
         control flow
         coverage
         decompilers
         disassemblers
         fault injection
         Hailstorm
         Holodeck
         rootkits
         shell code
     port scanning
     problems with
Touchpoints [See also specific touchpoints]
     as best practices 2nd
     black hat activities
     constructive activities
     destructive activities
     example
     list of
         abuse cases
         architectural risk analysis
         code review
         penetration testing
         risk-based security testing
         security operations
     order of effectiveness
     overview
     sequence of
     timing in the lifecycle
     white hat activities
Training without assessment
Training, academic courses
Training, software security
Trinity of trouble
     complexity
     connectivity
     extensibility
Trust Boundary Violation phylum
Trustworthy Computing Initiative




Software Security: Building Security In
ISBN: 0321356705
Year: 2004
Pages: 154
Authors: Gary McGraw
