Flylib.com
Hunting Security Bugs
Hunting Security Bugs
ISBN: 073562187X
EAN: 2147483647
Year: 2004
Pages: 156
Authors:
Tom Gallagher
,
Lawrence Landauer
,
Bryan Jeffries
BUY ON AMAZON
Hunting Security Bugs
Back Cover
About
Foreword
Introduction
Who is This Book for?
Organization of This Book
System Requirements
Technology Updates
Code Samples and Companion Content
Support for This Book
Acknowledgments
Chapter 1: General Approach to Security Testing
Different Types of Security Testers
An Approach to Security Testing
Summary
Chapter 2: Using Threat Models for Security Testing
How Testers can Leverage a Threat Model
Data Flow Diagrams
Enumeration of Entry Points and Exit Points
Enumeration of Threats
How Testers Should Use a Completed Threat Model
Implementation Rarely Matches the Specification or Threat Model
Summary
Chapter 3: Finding Entry Points
Finding and Ranking Entry Points
Common Entry Points
Summary
Chapter 4: Becoming a Malicious Client
Testing HTTP
Testing Specific Network Requests Quickly
Testing Tips
Summary
Chapter 5: Becoming a Malicious Server
Understanding Common Ways Clients Receive Malicious Server Responses
Does SSL Prevent Malicious Server Attacks?
Manipulating Server Responses
Examples of Malicious Response Bugs
Myth: It Is Difficult for an Attacker to Create a Malicious Server
Understanding Downgrade MITM Attacks
Testing Tips
Summary
Chapter 6: Spoofing
Finding Spoofing Issues
General Spoofing
User Interface Spoofing
Testing Tips
Summary
Chapter 7: Information Disclosure
Locating Common Areas of Information Disclosure
Identifying Interesting Data
Summary
Chapter 8: Buffer Overflows and Stack and Heap Manipulation
Understanding How Overflows Work
Testing for Overruns: Where to Look for Cases
Black Box (Functional) Testing
White Box Testing
Additional Topics
Testing Tips
Summary
Chapter 9: Format String Attacks
Understanding Why Format Strings Are a Problem
Testing for Format String Vulnerabilities
Walkthrough: Seeing a Format String Attack in Action
Testing Tips
Summary
Chapter 10: HTML Scripting Attacks
Understanding Persistent XSS Attacks Against Servers
Identifying Attackable Data for Reflected and Persistent XSS Attacks
Common Ways Programmers Try to Stop Attacks
Understanding Reflected XSS Attacks Against Local Files
Understanding Script Injection Attacks in the My Computer Zone
Ways Programmers Try to Prevent HTML Scripting Attacks
Understanding How Internet Explorer Mitigates XSS Attacks Against Local Files
Identifying HTML Scripting Vulnerabilities
Finding HTML Scripting Bugs Through Code Review
Summary
Chapter 11: XML Issues
Testing XML-Specific Attacks
Simple Object Access Protocol
Testing Tips
Summary
Chapter 12: Canonicalization Issues
Finding Canonicalization Issues
File-Based Canonicalization Issues
Web-Based Canonicalization Issues
Testing Tips
Summary
Chapter 13: Finding Weak Permissions
Finding Permissions Problems
Understanding the Windows Access Control Mechanism
Finding and Analyzing Permissions on Objects
Recognizing Common Permissions Problems
Determining the Accessibility of Objects
Other Permissions Considerations
Summary
Chapter 14: Denial of Service Attacks
Testing Tips
Summary
Chapter 15: Managed Code Issues
Dispelling Common Myths About Using Managed Code
Understanding the Basics of Code Access Security
Finding Problems Using Code Reviews
Understanding the Issues of Using APTCA
Decompiling .NET Assemblies
Testing Tips
Summary
Chapter 16: SQL Injection
Exactly What Is SQL Injection?
Understanding the Importance of SQL Injection
Finding SQL Injection Issues
Avoiding Common Mistakes About SQL Injection
Understanding Repurposing of SQL Stored Procedures
Recognizing Similar Injection Attacks
Testing Tips
Summary
Chapter 17: Observation and Reverse Engineering
Using a Debugger to Trace Program Execution and Change its Behavior
Using a Decompiler or Disassembler to Reverse Engineer a Program
Analyzing Security Updates
Testing Tips
Legal Considerations
Summary
Chapter 18: ActiveX Repurposing Attacks
Understanding ActiveX Controls
ActiveX Control Testing Walkthrough
Testing Tips
Summary
Chapter 19: Additional Repurposing Attacks
Web Pages Requesting External Data
Understanding Repurposing of Window and Thread Messages
Summary
Chapter 20: Reporting Security Bugs
Contacting the Vendor
What to Expect After Contacting the Vendor
Public Disclosure
Addressing Security Bugs in Your Product
Summary
Appendix A: Tools of the Trade
Appendix B: Security Test Cases Cheat Sheet
Spoofing
Information Disclosures
Buffer Overflows
Format Strings
Cross-Site Scripting and Script Injection
XML
SOAP
Canonicalization Issues
Weak Permissions
Denial of Service
Managed Code
SQL Injection
ActiveX
List of Figures
List of Tables
Hunting Security Bugs
ISBN: 073562187X
EAN: 2147483647
Year: 2004
Pages: 156
Authors:
Tom Gallagher
,
Lawrence Landauer
,
Bryan Jeffries
BUY ON AMAZON
Cisco CallManager Fundamentals (2nd Edition)
Circuit-Switched Systems
Regions
Monitoring Tools
Call Detail Records
System Tools
Service-Oriented Architecture (SOA): Concepts, Technology, and Design
Case Studies
Introducing SOA
Message exchange patterns
Service-orientation and contemporary SOA
Considerations for choosing service layers
Persuasive Technology: Using Computers to Change What We Think and Do (Interactive Technologies)
Computers as Persuasive Tools
Computers as Persuasive Media Simulation
Computers as Persuasive Social Actors
Credibility and Computers
The Ethics of Persuasive Technology
InDesign Type: Professional Typography with Adobe InDesign CS2
Metrics Kerning
Manual Kerning
Mastering Tabs and Tables
Mo Style
Determining Column Width
The Lean Six Sigma Pocket Toolbook. A Quick Reference Guide to Nearly 100 Tools for Improving Process Quality, Speed, and Complexity
Value Stream Mapping and Process Flow Tools
Descriptive Statistics and Data Displays
Reducing Lead Time and Non-Value-Add Cost
Complexity Value Stream Mapping and Complexity Analysis
Selecting and Testing Solutions
What is Lean Six Sigma
The Four Keys to Lean Six Sigma
Key #2: Improve Your Processes
Beyond the Basics: The Five Laws of Lean Six Sigma
The Experience of Making Improvements: What Its Like to Work on Lean Six Sigma Projects
Six Things Managers Must Do: How to Support Lean Six Sigma
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy
This website uses cookies. Click
here
to find out more.
Accept cookies