R



Index



Race Condition from Kerberos 4 in lstat( ) and open( ) listing (9-4)
Race Condition in access( ) and open( ) listing (9-3)
Race Condition in open( ) and lstat( ) listing (9-5)
Race Condition in the Linux Kernel's Uselib( ) listing (13-3)
race conditions
     junction points
     synchronicity
     threading 2nd 3rd
     UNIX file system
         directory races
         ownership races
         permission races
         TOCTOU (time of check to time of use)
Rain Forest Puppy (RFP)
Range header field (HTTP)
raw memory devices
raw sockets
Raymond, Eric
RDBMS (relational database management system)
read( ) function
read_data( ) function
read_line( ) function
reading files, stdio file system
real groups, UNIX
real users (UNIX) 2nd
realloc( ) function
Reallocation Double-Free Vulnerability listing (7-47)
Reallocation Integer Overflow listing (7-40)
recursive name servers (DNS)
redirector, Windows NT
     session credentials
     SMB relay attacks
     UNC (Universal Naming Convention) paths
redundancy in Web applications
reentrancy
     functions
     multithreaded programs
referentially opaque side effects, functions
referentially transparent side effects, functions
Referer header field (HTTP)
Referer request header
RegCloseKey( ) function
RegCreateKey( ) function
RegCreateKeyEx( ) function 2nd
RegDeleteKey( ) function
RegDeleteKeyEx( ) function
RegDeleteValue( ) function
register_globals option (PHP)
registered function pointers, operational vulnerabilities, preventing
registering interfaces, RPC servers
registration, COM (Component Object Model) applications
registry, Windows NT
     key permissions
     key squatting
     predefined keys
     value squatting
RegOpenKey( )
RegOpenKey( ) function
RegOpenKeyEx( )
RegOpenKeyEx( ) function
RegQueryValue( ) function
RegQueryValueEx( ) function
relational database management system (RDBMS)
relational operators
relationships, variables
relinquishing UNIX privileges
     permanently 2nd
     temporarily
remediation support phase, code review 2nd
remote client socket, OpenSSH
Remote Procedure Call (RPC) endpoints
REMOTE_ADDR (environment variable)
REMOTE_HOST (environment variable)
REMOTE_IDENT (environment variable)
REMOTE_USER (environment variable)
Reopening a Temporary File listing (9-6)
repetition, signals
Representational State Transfer (REST)
request traffic, DNS (Domain Name System)
request variables
     parroted request variables
     synthesized request variables
REQUEST_METHOD (environment variable)
requests
     HTTP
         Referer request header
     RPC servers, listening to
require( ) function
requirements definitions, SDLC (Systems Development Life Cycle)
requirements, software
rereading code, code audits
resetting TCP connections
resolvers, DNS (Domain Name System)
resource limits, UNIX
resource records, DNS (Domain Name System) 2nd
     conventions
responses (HTTP)
     spoofing for
REST (Representational State Transfer)
restricted accounts, operational vulnerabilities, preventing
restricted tokens, Windows NT sessions, access tokens
retention, process attributes, UNIX
retrieve_data( ) function
Retry-After header field (HTTP)
Return Value Checking of MultiByteToWideChar( ) listing (8-29)
return value testing, functions
return values, functions
     finding
     ignoring
     misinterpreting
reuse
     code
     UNIX temporary files
reverse-engineering applications
reviewing code
     application review phase 2nd 3rd
         bottom-up approach
         hybrid approach
         iterative process
         peer reviews
         planning
         reevaluation
         status checks
         top-down approach
         working papers
     code auditing 2nd 3rd
         binary navigation tools
         CC (code comprehension) strategies 2nd
         CP (candidate point) strategies 2nd 3rd
         debuggers
         dependency analysis
         desk checking
         DG (design generalization) strategies 2nd
         fuzz testing tools
         internal flow analysis
         OpenSSH case study
         rereading code
         scorecard
         source code navigators
         subsystem analysis
         test cases 2nd
     code navigation
         external flow sensitivity
         tracing
     documentation and analysis phase 2nd
         findings summary
     preassessment phase
         application access
         information collection
         scoping
     process outline
     remediation support phase 2nd
Rey, Enno
rfork( ) function
RFP (Rain Forest Puppy)
Right Shift Vulnerability Example listing (6-26)
right shift, operators 2nd
risks, DREAD risk ratings
root directories, UNIX
routers
RPC (Remote Procedure Calls) servers
     authentication
     endpoints
         binding to
     interfaces, registering
     requests, listening to
RpcBindingInqAuthClient( ) function
RPCs (Remote Procedure Calls)
     UNIX
         authentication
         decoding routines
         definition files
     Windows NT
         ACFs (application configuration files)
         application audits
         connections
         context handles
         DCE (Distributed Computing Environment) RPCs
         IDL file structure
         impersonation
         IPC (interprocess communications)
         MIDL (Microsoft Interface Definition Language)
         ONC (Open Network Computing) RPCs
         proprietary state mechanisms
         RPC servers
         threading
         transports
RpcServerListen( ) function
RpcServerRegisterAuthInfo( ) function
RpcServerRegisterIf( ) function
RpcServerRegisterIfEx( ) function
RpcServerUseProtseq( ) function
RpcServerUseProtseqEx( ) function
running code, auditing
runtime stack, activation records
Russinovich, Mark E. 2nd




The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities
ISBN: 0321444426
EAN: 2147483647
Year: 2004
Pages: 194
