Table of Contents
The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities
By Mark Dowd, John McDonald, Justin Schuh
Publisher: Addison Wesley Professional
Pub Date: November 10, 2006
Print ISBN-10: 0-321-44442-6
Print ISBN-13: 978-0-321-44442-4
Pages: 1200
Copyright
About the Authors
Preface
Acknowledgments

Part I: Introduction to Software Security Assessment
  Chapter 1. Software Vulnerability Fundamentals
    Introduction
    Vulnerabilities
    The Necessity of Auditing
    Classifying Vulnerabilities
    Common Threads
    Summary
  Chapter 2. Design Review
    Introduction
    Software Design Fundamentals
    Enforcing Security Policy
    Threat Modeling
    Summary
  Chapter 3. Operational Review
    Introduction
    Exposure
    Web-Specific Considerations
    Protective Measures
    Summary
  Chapter 4. Application Review Process
    Introduction
    Overview of the Application Review Process
    Preassessment
    Application Review
    Documentation and Analysis
    Reporting and Remediation Support
    Code Navigation
    Code-Auditing Strategies
    Code-Auditing Tactics
    Code Auditor's Toolbox
    Case Study: OpenSSH
    Summary

Part II: Software Vulnerabilities
  Chapter 5. Memory Corruption
    Introduction
    Buffer Overflows
    Shellcode
    Protection Mechanisms
    Assessing Memory Corruption Impact
    Summary
  Chapter 6. C Language Issues
    Introduction
    C Language Background
    Data Storage Overview
    Arithmetic Boundary Conditions
    Type Conversions
    Type Conversion Vulnerabilities
    Operators
    Pointer Arithmetic
    Other C Nuances
    Summary
  Chapter 7. Program Building Blocks
    Introduction
    Auditing Variable Use
    Auditing Control Flow
    Auditing Functions
    Auditing Memory Management
    Summary
  Chapter 8. Strings and Metacharacters
    Introduction
    C String Handling
    Metacharacters
    Common Metacharacter Formats
    Metacharacter Filtering
    Character Sets and Unicode
    Summary
  Chapter 9. UNIX I: Privileges and Files
    Introduction
    UNIX 101
    Privilege Model
    Privilege Vulnerabilities
    File Security
    File Internals
    Links
    Race Conditions
    Temporary Files
    The Stdio File Interface
    Summary
  Chapter 10. UNIX II: Processes
    Introduction
    Processes
    Program Invocation
    Process Attributes
    Interprocess Communication
    Remote Procedure Calls
    Summary
  Chapter 11. Windows I: Objects and the File System
    Introduction
    Background
    Objects
    Sessions
    Security Descriptors
    Processes and Threads
    File Access
    The Registry
    Summary
  Chapter 12. Windows II: Interprocess Communication
    Introduction
    Windows IPC Security
    Window Messaging
    Pipes
    Mailslots
    Remote Procedure Calls
    COM
    Summary
  Chapter 13. Synchronization and State
    Introduction
    Synchronization Problems
    Process Synchronization
    Signals
    Threads
    Summary

Part III: Software Vulnerabilities in Practice
  Chapter 14. Network Protocols
    Introduction
    Internet Protocol
    User Datagram Protocol
    Transmission Control Protocol
    Summary
  Chapter 15. Firewalls
    Introduction
    Overview of Firewalls
    Stateless Firewalls
    Simple Stateful Firewalls
    Stateful Inspection Firewalls
    Spoofing Attacks
    Summary
  Chapter 16. Network Application Protocols
    Introduction
    Auditing Application Protocols
    Hypertext Transfer Protocol
    Internet Security Association and Key Management Protocol
    Abstract Syntax Notation (ASN.1)
    Domain Name System
    Summary
  Chapter 17. Web Applications
    Introduction
    Web Technology Overview
    HTTP
    State and HTTP Authentication
    Architecture
    Problem Areas
    Common Vulnerabilities
    Harsh Realities of the Web
    Auditing Strategy
    Summary
  Chapter 18. Web Technologies
    Introduction
    Web Services and Service-Oriented Architecture
    Web Application Platforms
    CGI
    Perl
    PHP
    Java
    ASP
    ASP.NET
    Summary

Bibliography
Index