P




packet sniffers
packet subsystem, SSH server, code audits
packet-filtering firewalls
     proxy firewalls, compared
     stateful firewalls
         directionality
         fragmentation
         stateful inspection firewalls
         TCP (Transmission Control Protocol)
         UDP (User Datagram Protocol)
     stateless firewalls
         fragmentation
         FTP (File Transfer Protocol)
         TCP (Transmission Control Protocol)
         UDP (User Datagram Protocol)
packets
     DNS (Domain Name System)
     encapsulation
     IP packets
     packet sniffers
     source routing
     TCP packets, scanning
padding bits, unsigned integer types
page flow
Paget, Chris
parameterized queries
parameters, transmitting to Web applications
     embedded path information
     forms
     GET method 2nd
     parameter encoding
     POST method
     query strings
parent directories, UNIX
parent functions, vulnerabilities
parroted request variables
parse_rrecord( ) function
parsing HTTP headers
passive FTP
password files, UNIX
PATH environment variable (UNIX)
path information (HTTP)
path metacharacters
     file canonicalization
     Windows registry
path traversal
PATH_INFO environment variable 2nd
PATH_TRANSLATED environment variable
pathnames
     hexadecimal encoding
     UNIX
pathological code paths
pathological fragment sets, IP (Internet Protocol)
paths
     files, UNIX
     path traversal
payloads, ISAKMP (Internet Security Association and Key Management Protocol)
     certificate payloads
     certificate request payloads
     delete payloads
     hash payloads
     identification payloads
     key exchange payloads 2nd
     nonce payloads
     notification payloads
     proposal payloads
     SA (security association) payloads
     signature payloads
     transform payloads
     vendor ID payloads
PCI (Payment Card Industry) 1.0 Data Security Requirement
peer reviews, application review
PER (Packed Encoding Rules), ASN.1 (Abstract Syntax Notation)
Perl
     cross-site scripting
     file access
     file inclusion
     inline evaluation
     open( ) function
     shell invocation
     SQL injection queries
     taint mode
permission bitmasks
permissions
     DCOM (Distributed Component Object Model), subsystem access permissions
     directories, UNIX
     file access, Windows NT 2nd
     file systems
     files, UNIX
     mailslots
     object systems
     registry keys, Windows NT
     UNIX files, race conditions
     Windows NT pipes
personal user files, UNIX
phishing
PHP (PHP Hypertext Preprocessor) 2nd
     configuration settings
     cross-site scripting
     file access
     file inclusion
     inline evaluation
     shell invocation 2nd
     SQL injection queries
php_error_docref( ) function
phrack magazine
physical layer, network segmentation
PIDs (process IDs), UNIX
pipe squatting, Windows NT
pipe( ) system call
pipes
     UNIX, named pipes
     Windows NT
         anonymous pipes
         creating
         impersonation
         IPC (interprocess communications)
         named pipes
         permissions
         pipe squatting
PKI (Public Key Infrastructure)
point-of-sale (PoS) system
Pointer Arithmetic Vulnerability Example listing (6-29)
pointer updates, lists, errors
pointers
     arithmetic
     C programming language
     EBP (extended base pointer)
     ESP (extended stack pointer)
     function pointers, obfuscation
     outdated pointers 2nd
         ProFTPD
     text strings, incrementing incorrectly
     vulnerabilities
Pol, Joost
policies (security)
     access control policy
     breaches
     enforcing
pop( ) function
popen( ) function 2nd
Portable Operating System Interface for UNIX (POSIX)
PoS (point-of-sale) system
positive decimal integers, binary notation, converting to
positive numbers, decimal conversion from binary notation
POSIX (Portable Operating System Interface for UNIX) 2nd
     signals, handling
POST method
Postincrement Loop Vulnerability listing (7-21)
posting data, HTTP (Hypertext Transfer Protocol) 2nd 3rd
posttest loops, pretest loops, compared
Practical Cryptography
Pragma header field (HTTP)
preassessment phase, code review
     application access
     information collection
     scoping
precedence, C programming language
precision, integer types
predefined registry keys, Windows NT
prepared statements
preprocessors, C programming language
Prescan Sign Extension Vulnerability in Sendmail listing (6-13)
prescan( ) function 2nd
presentation layer, network segmentation
presentation logic
preshared keys (PSKs), discovery of
Pretest Loop Vulnerability listing (7-22)
pretest loops, posttest loops, compared
primary groups, UNIX
printf( ) function 2nd
Privilege Misuse in XFree86 SVGA Server listing (9-1)
privilege separation, SSH server, code audits
privileges
     UNIX
         capabilities
         directory permissions
         dropping permanently 2nd
         dropping temporarily
         extensions
         file IDs
         file permissions
         file security
         files
         group ID functions
         management code audits
         programs
         user ID functions
         vulnerabilities
     Windows NT sessions, access tokens
     XF86_SVGA servers, misuse of
problem domain logic
Problems with 64-bit Systems listing (7-42)
proc file system (UNIX)
procedures, stored
Process Explorer
process memory layout, buffer overflows
process outline, code review
process_file( ) function
process_login( ) function
process_string( ) function
process_tcp_packet( ) function
process_token_string( ) function
processes
     multiple processes, shared memory
     process synchronization
         interprocess synchronization
         lock matching
         synchronization object scoreboard
         System V synchronization
         Windows NT
     signals
         asynchronous-safe function 2nd 3rd
         default actions
         handling
         interruptions 2nd
         jump locations
         non-returning signal handlers 2nd
         repetition
         sending
         signal handler scoreboard
         signal masks
         vulnerabilities 2nd
     UNIX 2nd
         attributes
         child processes
         children
         creating
         environment arrays
         fork( ) system call
         groups
         interprocess communication
         open( ) function
         program invocation
         RPCs (Remote Procedure Calls)
         sessions
         system file table
         terminals
         termination
     Windows NT
         DLL loading
         IPC (interprocess communications)
         loading
         services
         ShellExecute( ) function
         ShellExecuteEx( ) function
processing
     IP fragmentation
     TCP (Transmission Control Protocol)
         options
         sequence number boundary condition
         sequence number representation
         state processing
         URG pointer processing
         window scale option
processJob( )
processNetwork( ) function
processThread( ) function
profiling source code
ProFTPD, outdated pointers
program configuration files, UNIX
program files, UNIX
program invocation, UNIX
     direct invocation
     indirect invocation
programmatic SSI
programming interfaces, Windows NT, security descriptors
programming languages
     C
         arithmetic boundary conditions
         binary encoding
         bit fields
         bitwise shift operators
         byte order
         character types
         data storage
         floating types
         format strings
         function invocations
         implementation-defined behavior
         integer types
         macros
         objects
         operators
         order of evaluation
         pointers
         precedence
         preprocessor
         signed integer boundaries
         standards
         stdio file interface
         structure padding
         switch statements
         type conversion vulnerabilities
         type conversions
         types
         typos
         unary + operator
         unary - operator
         unary operator
         undefined behavior
         unsigned integer boundaries
     Perl, open( ) function
Programming Windows Security
programs, UNIX, privileged programs
promotions, integers
PROPFIND method
ProPolice, stack cookies
proposal payloads, ISAKMP (Internet Security Association and Key Management Protocol)
PROPPATCH method
proprietary state mechanisms, RPCs (Remote Procedure Calls)
protocol quirks
protocol state
protocols
     application protocols
         ASN.1 (Abstract Syntax Notation)
         auditing 2nd
         DNS (Domain Name System) 2nd 3rd
         HTTP (Hypertext Transfer Protocol) 2nd 3rd 4th
         ISAKMP (Internet Security Association and Key Management Protocol) 2nd
     binary protocols, data type matching 2nd
     FTP (File Transfer Protocol)
     HTTP (Hypertext Transport Protocol)
         authentication 2nd
         cookies
         embedded path information
         forms
         headers
         methods 2nd
         overview of
         parameter encoding
         query strings
         requests
         responses
         sessions 2nd
         state maintenance
         versions
     network protocols
         IP (Internet Protocol)
         TCP (Transmission Control Protocol)
         TCP/IP
         UDP (User Datagram Protocol)
     REST (Representational State Transfer)
     SOAP (Simple Object Access Protocol)
     SSL/TLS (Secure Sockets Layer/Transport Layer Security)
     text-based protocols, data type matching
proxies, COM (Component Object Model)
proxy firewalls
     packet-filtering firewalls, compared
Proxy-Authorization header field (HTTP)
pseudo-objects, Windows NT
PSKs (preshared keys), discovery of
PThreads API
     condition variables
     mutexes
public directories, UNIX
Public header field (HTTP)
public key encryption
Public Key Infrastructure (PKI)
public-facing administrative interfaces, Web-based applications
punctuation errors, loops
punycode
Purczynski, Wojciech
push( ) function
PUT method
putenv( ) function 2nd
pw_lock( ) function




The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities
ISBN: 0321444426
Year: 2004
Pages: 194