table level authorization, SQL Server Authorization
tampering with data attacks, Table 14-1: STRIDE Threat Categories
tax, security as a, Design Challenges
TCP-IP
named-pipes, compared to, Named-Pipes vs. TCP-IP
Teleport Pro, Table 9-3: Test Tools
Telnet service, Turn Off Unnecessary Services
terrorism, Cyber-Terrorism
testing, Take the Attacker’s View
approaches to, Testing Approaches, Stress Testing
approaches, table of, Testing Approaches, Table 9-2: General Testing Approaches
attacker’s view, taking, Take the Attacker’s View
automated unit testing, Table 9-2: General Testing Approaches, Automated Unit Testing, Table 9-3: Test Tools
benefits of security emphasis, Plan of Attack—The Test Plan
beta feedback, role of, Relying Too Much on Beta Feedback
blueprints of applications, Take the Attacker’s View, Create a Blueprint of Your Application
brainstorming scenarios, Brainstorm—Generate Security-Related Scenarios, Create Scenarios Based on Inroads for Attack
components of, Plan of Attack—The Test Plan
cost of, Filter and Prioritize Tests for Each Scenario, Failing to Factor In the Cost of Testing
creating tools, Create Your Own Test Tools, Example: Create a Test Tool for Testing Web Applications
database security, Create Scenarios Based on Inroads for Attack
debugging features for, Writing Self-Testing Code
deployment environments, in, Test in the Target Environment
DLL spoofing, Create Scenarios Based on Inroads for Attack
features, security v. usefulness, Plan of Attack—The Test Plan
filtering tests, Filter and Prioritize Tests for Each Scenario
generating tests, Generate Tests, Filter and Prioritize Tests for Each Scenario
hidden fields, Create Scenarios Based on Inroads for Attack, Example: Create a Test Tool for Testing Web Applications
importance of, Chapter 9: Testing for Attack-Resistant Code, Make Testing for Security a Priority
inroads, scenarios based on, Create Scenarios Based on Inroads for Attack
insufficient, Testing Too Little, Too Late
lateness mistake, Testing Too Little, Too Late
manual testing, Table 9-2: General Testing Approaches, Ad Hoc, or Manual, Testing
mistakes, common, Common Testing Mistakes, Assuming Third-Party Components Are Safe
network redirection tools, Table 9-3: Test Tools
NUnit tool, Automated Unit Testing, Table 9-3: Test Tools
password cracking tools, Table 9-3: Test Tools
permission levels, Test in the Target Environment
plan development, Plan of Attack—The Test Plan
plan execution, Attack—Execute the Plan, Stress Testing
prioritizing scenarios, Get Focused—Prioritize Scenarios, Prioritize Security-Related Scenarios Based on Threats
prioritizing tests, Plan of Attack—The Test Plan, Filter and Prioritize Tests for Each Scenario
profile tools, Table 9-3: Test Tools
public functions, Create Scenarios Based on Inroads for Attack
real-world considerations, Testing in the Real World
relevance to scenarios, Filter and Prioritize Tests for Each Scenario
retasked components, Failing to Test and Retest for Security
reverse-engineering tools, Table 9-3: Test Tools
schedules for, Plan of Attack—The Test Plan
security aspect, Plan of Attack—The Test Plan
self-testing code, Table 9-2: General Testing Approaches, Writing Self-Testing Code
stress test tools, Table 9-3: Test Tools
stress testing, Table 9-2: General Testing Approaches, Stress Testing
target configurations, Plan of Attack—The Test Plan
third-party components, Assuming Third-Party Components Are Safe
tool creation, Create Your Own Test Tools, Example: Create a Test Tool for Testing Web Applications
tools for, Testing Tools, Example: Create a Test Tool for Testing Web Applications
unknown issues, narrowing, Failing to Test and Retest for Security
URL-based attacks, Create Scenarios Based on Inroads for Attack
usage scenarios, Plan of Attack—The Test Plan
user name input, Generate Tests
WebTester sample application, Example: Create a Test Tool for Testing Web Applications
XML file vulnerability, Create Scenarios Based on Inroads for Attack
text boxes
validating input, Validation Tools Available to Windows Forms Applications
third-party components, danger of, Assuming Third-Party Components Are Safe
Thread objects, Table 15-1: Visual Basic .NET Keywords to Look For (continued)
threat analysis
allocating time for, Allocate Time
architectural sketches for, Draw Architectural Sketch and Review for Threats
cost considerations, Allocate Time
defined, Analyze for Threats and Vulnerabilities
documentation, Plan and Document Your Threat Analysis
EMS example, prioritized table of threats, Prioritize Threats, Table 15-3: Prioritize Threats for the Employee Management System (continued)
key concepts of, Chapter 15: Threat Analysis Exercise
listing threats, Create a Laundry List of Threats, Table 15-1: Visual Basic .NET Keywords to Look For (continued)
planning, Plan and Document Your Threat Analysis
prioritizing components, Prioritize Analysis Based on the Function of Each Component
prioritizing threats, Prioritize Threats, Table 15-3: Prioritize Threats for the Employee Management System (continued)
response development, Respond to Threats
reviewing code, Review Code for Threats, Table 15-1: Visual Basic .NET Keywords to Look For (continued)
steps in process, Analyze for Threats
threat modeling
design phase, Step 5: Threat-Model the Vulnerabilities
threats
analyzing for, see analyzing for vulnerabilities
bypassing UI attack, Table 14-2: Example of Common Attacks and Techniques to Mitigate Them
identifying, Identify and Prioritize, Table 14-1: STRIDE Threat Categories
intercepting data attacks, Table 14-2: Example of Common Attacks and Techniques to Mitigate Them
methods for avoiding damage from, Analyze for Threats and Vulnerabilities
mitigating, Prevent Attacks by Mitigating Threats, Table 14-2: Example of Common Attacks and Techniques to Mitigate Them
password-cracking attacks, Table 14-2: Example of Common Attacks and Techniques to Mitigate Them
posing as users, Table 14-2: Example of Common Attacks and Techniques to Mitigate Them
prioritizing, Prioritize Threats, Table 15-3: Prioritize Threats for the Employee Management System (continued)
real-world considerations, Security Threats in the Real World
response options for, Respond to Threats
severity, factors in, Prioritize Threats
tracking, Prioritize Threats
time limitations, Design Challenges
timestamp services, Strong Naming, Certificates, and Signing Exercise
TlntSvr service, Turn Off Unnecessary Services
TogglePassportEnvironment utility, Appendix A: Guide to the Code Samples, TogglePassportEnvironment utility, Figure A-12: Changing the Passport environment to pre-production
tools
locking down platforms, for, Automated Tools
Web-page manipulation, Table 9-3: Test Tools
tools available to hackers, What Happens Next?
tools, test, Testing Tools, Example: Create a Test Tool for Testing Web Applications
trace-back, Privacy vs. Security
TraceRt.exe, Chapter 5: Securing Web Applications
tracing routes, Chapter 5: Securing Web Applications
tracking threats, Prioritize Threats
training development teams, Step 3: Educate the Team
transactions
audit trails, Implementing an Audit Trail
repudiation, Implementing an Audit Trail
transport-level security, see SSL (Secure Sockets Layer)
trends in security
arms race intensification, What Happens Next?
authentication, Privacy vs. Security
Big Brother systems, Privacy vs. Security
cost increases, What Happens Next?
government initiatives, Government Initiatives
IPv6 (Internet Protocol version 6), The IPv6 Internet Protocol
Microsoft initiatives, Microsoft Initiatives
privacy issues, Privacy vs. Security
trace-back, Privacy vs. Security
unified systems, What Happens Next?
virus intensification, What Happens Next?
Triple-DES, Private Key Encryption
decryption function, Private Key Encryption
defined, Private Key Encryption
function using, creating, Private Key Encryption
passphrases, Keeping Private Keys Safe
safety of keys, Keeping Private Keys Safe
trust
defined, How Actions Are Considered Safe or Unsafe
trust levels
code-access permission defaults, Security Zones and Trust Levels, Table 3-3: Full Trust Permissions Granted to My Computer Zone
defaults for zones, Security Zones and Trust Levels
Full Trust, Security Zones and Trust Levels
permissions associated with, Security Zones and Permissions
Trusted Sites zone
defined, Security Zones and Trust Levels
permissions for, Security Zones and Permissions, Local Intranet, Internet, and Trusted Sites Zones
scope of, How Visual Basic .NET Determines Zone
Trustworthy Computing initiative, Testing in the Real World, Microsoft Initiatives
Try...Catch blocks, Try…Catch or On Error GoTo, Exception Handling
Type keyword, Table 15-1: Visual Basic .NET Keywords to Look For (continued)