Part I: Introduction to Software Security Assessment

Chapter 1. Software Vulnerability Fundamentals
    Introduction
    Vulnerabilities
    The Necessity of Auditing
    Classifying Vulnerabilities
    Common Threads
    Summary

Chapter 2. Design Review
    Introduction
    Software Design Fundamentals
    Enforcing Security Policy
    Threat Modeling
    Summary

Chapter 3. Operational Review
    Introduction
    Exposure
    Web-Specific Considerations
    Protective Measures
    Summary

Chapter 4. Application Review Process
    Introduction
    Overview of the Application Review Process
    Preassessment
    Application Review
    Documentation and Analysis
    Reporting and Remediation Support
    Code Navigation
    Code-Auditing Strategies
    Code-Auditing Tactics
    Code Auditor's Toolbox
    Case Study: OpenSSH
    Summary

Part II: Software Vulnerabilities

Chapter 5. Memory Corruption
    Introduction
    Buffer Overflows
    Shellcode
    Protection Mechanisms
    Assessing Memory Corruption Impact
    Summary

Chapter 6. C Language Issues
    Introduction
    C Language Background
    Data Storage Overview
    Arithmetic Boundary Conditions
    Type Conversions
    Type Conversion Vulnerabilities
    Operators
    Pointer Arithmetic
    Other C Nuances
    Summary

Chapter 7. Program Building Blocks
    Introduction
    Auditing Variable Use
    Auditing Control Flow
    Auditing Functions
    Auditing Memory Management
    Summary

Chapter 8. Strings and Metacharacters
    Introduction
    C String Handling
    Metacharacters
    Common Metacharacter Formats
    Metacharacter Filtering
    Character Sets and Unicode
    Summary

Chapter 9. UNIX I: Privileges and Files
    Introduction
    UNIX 101
    Privilege Model
    Privilege Vulnerabilities
    File Security
    File Internals
    Links
    Race Conditions
    Temporary Files
    The Stdio File Interface
    Summary

Chapter 10. UNIX II: Processes
    Introduction
    Processes
    Program Invocation
    Process Attributes
    Interprocess Communication
    Remote Procedure Calls
    Summary

Chapter 11. Windows I: Objects and the File System
    Introduction
    Background
    Objects
    Sessions
    Security Descriptors
    Processes and Threads
    File Access
    The Registry
    Summary

Chapter 12. Windows II: Interprocess Communication
    Introduction
    Windows IPC Security
    Window Messaging
    Pipes
    Mailslots
    Remote Procedure Calls
    COM
    Summary

Chapter 13. Synchronization and State
    Introduction
    Synchronization Problems
    Process Synchronization
    Signals
    Threads
    Summary

Part III: Software Vulnerabilities in Practice

Chapter 14. Network Protocols
    Introduction
    Internet Protocol
    User Datagram Protocol
    Transmission Control Protocol
    Summary

Chapter 15. Firewalls
    Introduction
    Overview of Firewalls
    Stateless Firewalls
    Simple Stateful Firewalls
    Stateful Inspection Firewalls
    Spoofing Attacks
    Summary

Chapter 16. Network Application Protocols
    Introduction
    Auditing Application Protocols
    Hypertext Transfer Protocol
    Internet Security Association and Key Management Protocol
    Abstract Syntax Notation (ASN.1)
    Domain Name System
    Summary

Chapter 17. Web Applications
    Introduction
    Web Technology Overview
    HTTP
    State and HTTP Authentication
    Architecture
    Problem Areas
    Common Vulnerabilities
    Harsh Realities of the Web
    Auditing Strategy
    Summary

Chapter 18. Web Technologies
    Introduction
    Web Services and Service-Oriented Architecture
    Web Application Platforms
    CGI
    Perl
    PHP
    Java
    ASP
    ASP.NET

download link = http://www.mediafire.com/?bm2cz3zzlccpf88
password = e-omidfar.blogspot.com