H | The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities

Index

[SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Y] [Z]

Hacker Emergency Response Team (HERT)
handlers, non-returning signal handlers, signals 2nd
handles, Windows NT objects
handling
     signals
     strings, C programming language
hard links
     UNIX files 2nd
     Windows NT files
hardware device drivers
Hart, Johnson M.
hash functions
hash payloads, ISAKMP (Internet Security Association and Key Management Protocol)
hash tables, auditing 2nd
hash-based message authentication code (HMAC)
hashing algorithms
headers
     DNS (Domain Name System)
     HTTP (Hypertext Transport Protocol)
         fields
         parsing
     IP (Internet Protocol), validation
     ISAKMP (Internet Security Association and Key Management Protocol)
         certificate payloads
         delete payloads
         hash payloads
         identification payloads
         key exchange payloads 2nd
         nonce payloads
         notification payloads
         proposal payloads
         security association payloads
         signature payloads
         transform payloads
         vendor ID payloads
     TCP headers
         validation
     UDP headers, validation
headers (HTTP), Referer
heap hardening
heap overflows, buffer overflows
heap protection, operational vulnerabilities, preventing
Henriksen, Inge
HERT (Hacker Emergency Response Team)
Hex-encoded Pathname Vulnerability listing (8-27)
hexadecimal encoding, pathnames, vunerabilities
hidden fields, auditing
high-level attack vectors, OpenSSH, code auditing
HKEY_CLASSES_ROOT key
HMAC (hash-based message authentication code)
Hoglund, Greg
/home directory (UNIX)
home directories, UNIX users
HOME environment variable (UNIX)
homographic attacks
     Unicode
Host header field (HTTP)
host-based firewalls
host-based IDSs (intrusion detection systems)
host-based IPSs (intrusion prevention systems)
host-based measures, operational vulnerabilities
     antimnalware applications
     change monitoring
     choot jails
     enhanced kernel protections
     file system persmissions
     host-based firewalls
     host-based IDSs (intrusion detection systems)
     host-based IPSs (intrusion prevention systems)
     object system persmissions
     restricted accounts
     system virtualization
How to Survive a Robot Uprising
Howard, Michael 2nd 3rd
HPUX
HTML (Hypertext Markup Language)
     encoding
HTTP (Hypertext Transport Protocol) 2nd 3rd
     authentication 2nd
     cookies
     embedded path information
     forms
     headers
         fields
         parsing
     methods
         CONNECT
         DELETE
         GET 2nd
         OPTIONS
         parameter encoding
         POST
         PUT
         SPACEJUMP
         TEXTSEARCH
         TRACE
         WebDAV (Web Distributed Authoring and Versioning) methods
     overview of
     posting data
     query strings
     requests 2nd
     resource access
     responses
     sessions 2nd
         security vulnerabilities
         session management
         session tokens
     state maintenance
         client IP addresses
         cookies
         embedding state in HTML and URLs
         HTTP authentication 2nd
         Referer request headers
         sessions 2nd 3rd
     utility functions
     versions
HTTP request methods
hybrid approach, application review
Hypertext Markup Language (HTML) [See HTML (Hypertext Markup Language).]
Hypertext Transfer Protocol (HTTP) [See HTTP (Hypertext Transport Protocol).]
hypothesis testing, DG (design generalization) strategy