Hunting security bugs

"Finding security flaws is now a fundamental development task, yet there has not been adequate documentation of the process used to find security bugs - until now. Before the Internet, computers were deployed in trusted environments and software development and testing practices emphasized functi...

Bibliographic Details
Main Author: Gallagher, Tom
Other Authors: Jeffries, Bryan, Landauer, Lawrence
Format: Book
Language: English
Published: Redmond, Wash. : Microsoft Press, 2006
Series: Secure software development series
Table of Contents:
  • Dedication; Foreword; Introduction; Who Is This Book For?; Organization of This Book; System Requirements; Technology Updates; Code Samples and Companion Content; Support for This Book; Acknowledgments
  • Chapter 1: General Approach to Security Testing: 1.1 Different Types of Security Testers; 1.2 An Approach to Security Testing; 1.3 Summary
  • Chapter 2: Using Threat Models for Security Testing: 2.1 Threat Modeling; 2.2 How Testers Can Leverage a Threat Model; 2.3 Data Flow Diagrams; 2.4 Enumeration of Entry Points and Exit Points; 2.5 Enumeration of Threats; 2.6 How Testers Should Use a Completed Threat Model; 2.7 Implementation Rarely Matches the Specification or Threat Model; 2.8 Summary
  • Chapter 3: Finding Entry Points: 3.1 Finding and Ranking Entry Points; 3.2 Common Entry Points; 3.3 Summary
  • Chapter 4: Becoming a Malicious Client: 4.1 Client/Server Interaction; 4.2 Testing HTTP; 4.3 Testing Specific Network Requests Quickly; 4.4 Testing Tips; 4.5 Summary
  • Chapter 5: Becoming a Malicious Server: 5.1 Understanding Common Ways Clients Receive Malicious Server Responses; 5.2 Does SSL Prevent Malicious Server Attacks?; 5.3 Manipulating Server Responses; 5.4 Examples of Malicious Response Bugs; 5.5 Myth: It Is Difficult for an Attacker to Create a Malicious Server; 5.6 Understanding Downgrade MITM Attacks; 5.7 Testing Tips; 5.8 Summary
  • Chapter 6: Spoofing: 6.1 Grasping the Importance of Spoofing Issues; 6.2 Finding Spoofing Issues; 6.3 General Spoofing; 6.4 User Interface Spoofing; 6.5 Testing Tips; 6.6 Summary
  • Chapter 7: Information Disclosure: 7.1 Problems with Information Disclosure; 7.2 Locating Common Areas of Information Disclosure; 7.3 Identifying Interesting Data; 7.4 Summary
  • Chapter 8: Buffer Overflows and Stack and Heap Manipulation: 8.1 Understanding How Overflows Work; 8.2 Testing for Overruns: Where to Look for Cases; 8.3 Black Box (Functional) Testing; 8.4 White Box Testing; 8.5 Additional Topics; 8.6 Testing Tips; 8.7 Summary
  • Chapter 9: Format String Attacks: 9.1 What Are Format Strings?; 9.2 Understanding Why Format Strings Are a Problem; 9.3 Testing for Format String Vulnerabilities; 9.4 Walkthrough: Seeing a Format String Attack in Action; 9.5 Testing Tips; 9.6 Summary
  • Chapter 10: HTML Scripting Attacks: 10.1 Understanding Reflected Cross-Site Scripting Attacks Against Servers; 10.2 Understanding Persistent XSS Attacks Against Servers; 10.3 Identifying Attackable Data for Reflected and Persistent XSS Attacks; 10.4 Common Ways Programmers Try to Stop Attacks; 10.5 Understanding Reflected XSS Attacks Against Local Files; 10.6 Understanding Script Injection Attacks in the My Computer Zone; 10.7 Ways Programmers Try to Prevent HTML Scripting Attacks; 10.8 Understanding How Internet Explorer Mitigates XSS Attacks Against Local Files; 10.9 Identifying HTML Scripting Vulnerabilities; 10.10 Finding HTML Scripting Bugs Through Code Review; 10.11 Summary
  • Chapter 11: XML Issues: 11.1 Testing Non-XML Security Issues in XML Input Files; 11.2 Testing XML-Specific Attacks; 11.3 Simple Object Access Protocol; 11.4 Testing Tips; 11.5 Summary
  • Chapter 12: Canonicalization Issues: 12.1 Understanding the Importance of Canonicalization Issues; 12.2 Finding Canonicalization Issues; 12.3 File-Based Canonicalization Issues; 12.4 Web-Based Canonicalization Issues; 12.5 Testing Tips; 12.6 Summary
  • Chapter 13: Finding Weak Permissions: 13.1 Understanding the Importance of Permissions; 13.2 Finding Permissions Problems; 13.3 Understanding the Windows Access Control Mechanism; 13.4 Finding and Analyzing Permissions on Objects; 13.5 Recognizing Common Permissions Problems; 13.6 Determining the Accessibility of Objects; 13.7 Other Permissions Considerations; 13.8 Summary
  • Chapter 14: Denial of Service Attacks: 14.1 Understanding Types of DoS Attacks; 14.2 Testing Tips; 14.3 Summary
  • Chapter 15: Managed Code Issues: 15.1 Dispelling Common Myths About Using Managed Code; 15.2 Understanding the Basics of Code Access Security; 15.3 Finding Problems Using Code Reviews; 15.4 Understanding the Issues of Using APTCA; 15.5 Decompiling .NET Assemblies; 15.6 Testing Tips; 15.7 Summary
  • Chapter 16: SQL Injection: 16.1 Exactly What Is SQL Injection?; 16.2 Understanding the Importance of SQL Injection; 16.3 Finding SQL Injection Issues; 16.4 Avoiding Common Mistakes About SQL Injection; 16.5 Understanding Repurposing of SQL Stored Procedures; 16.6 Recognizing Similar Injection Attacks; 16.7 Testing Tips; 16.8 Summary
  • Chapter 17: Observation and Reverse Engineering: 17.1 Observation Without a Debugger or Disassembler; 17.2 Using a Debugger to Trace Program Execution and Change Its Behavior; 17.3 Using a Decompiler or Disassembler to Reverse Engineer a Program; 17.4 Analyzing Security Updates; 17.5 Testing Tips; 17.6 Legal Considerations; 17.7 Summary
  • Chapter 18: ActiveX Repurposing Attacks: 18.1 Understanding ActiveX Controls; 18.2 ActiveX Control Testing Walkthrough; 18.3 Testing Tips; 18.4 Summary
  • Chapter 19: Additional Repurposing Attacks: 19.1 Understanding Document Formats That Request External Data; 19.2 Web Pages Requesting External Data; 19.3 Understanding Repurposing of Window and Thread Messages; 19.4 Summary
  • Chapter 20: Reporting Security Bugs: 20.1 Reporting the Issue; 20.2 Contacting the Vendor; 20.3 What to Expect After Contacting the Vendor; 20.4 Public Disclosure; 20.5 Addressing Security Bugs in Your Product; 20.6 Summary
  • Tools of the Trade: General; ActiveX/COM; Canonicalization; Code Analysis; Debugging; Documents and Binaries; Fuzzers; Memory/Runtime; Network; Permissions; SQL
  • Security Test Cases Cheat Sheet: Network Requests and Responses; Spoofing; Information Disclosures; Buffer Overflows; Format Strings; Cross-Site Scripting and Script Injection; XML; SOAP; Canonicalization Issues; Weak Permissions; Denial of Service; Managed Code; SQL Injection; ActiveX
  • Tom Gallagher; Bryan Jeffries; Lawrence Landauer