| Section | Page |
|---|---|
| Foreword | xv |
| About the Authors | xvii |
| About the Technical Reviewer | xix |
| Acknowledgments | xxi |
| Preface | xxiii |
| **Security Design Principles** | |
| Security Goals | 3 |
| Security Is Holistic | 3 |
| Physical Security | 4 |
| Technological Security | 4 |
| Policies and Procedures | 6 |
| Authentication | 7 |
| Something You Know | 7 |
| Something You Have | 8 |
| Something You Are | 10 |
| Final Notes on Authentication | 11 |
| Authorization | 12 |
| Access Control Lists (ACLs) | 13 |
| Access Control Models | 14 |
| The Bell-LaPadula Model | 15 |
| Confidentiality | 17 |
| Message/Data Integrity | 18 |
| Accountability | 19 |
| Availability | 20 |
| Non-repudiation | 21 |
| Concepts at Work | 22 |
| Secure Systems Design | 25 |
| Understanding Threats | 25 |
| Defacement | 26 |
| Infiltration | 26 |
| Phishing | 27 |
| Pharming | 28 |
| Insider Threats | 28 |
| Click Fraud | 29 |
| Denial-of-Service (DoS) | 29 |
| Data Theft and Data Loss | 30 |
| Designing-In Security | 30 |
| Windows 98 | 31 |
| The Internet | 31 |
| Turtle Shell Architectures | 34 |
| Convenience and Security | 35 |
| SimpleWebServer Code Example | 35 |
| Hypertext Transfer Protocol (HTTP) | 35 |
| Code Walkthrough | 36 |
| Security in Software Requirements | 44 |
| Specifying Error Handling Requirements | 44 |
| Sharing Requirements with Quality Assurance (QA) | 46 |
| Handling Internal Errors Securely | 47 |
| Including Validation and Fraud Checks | 48 |
| Writing Measurable Security Requirements | 50 |
| Security or Bust | 50 |
| Security by Obscurity | 51 |
| Flaws in the Approach | 51 |
| SimpleWebServer Obscurity | 52 |
| Things to Avoid | 55 |
| Open vs. Closed Source | 57 |
| A Game of Economics | 58 |
| "Good Enough" Security | 59 |
| Secure Design Principles | 61 |
| The Principle of Least Privilege | 61 |
| Defense-in-Depth | 63 |
| Prevent, Detect, Contain, and Recover | 63 |
| Don't Forget Containment and Recovery | 64 |
| Password Security Example | 65 |
| Diversity-in-Defense | 65 |
| Securing the Weakest Link | 66 |
| Weak Passwords | 66 |
| People | 66 |
| Implementation Vulnerabilities | 67 |
| Fail-Safe Stance | 67 |
| SimpleWebServer Fail-Safe Example | 67 |
| Attempted Fix 1: Checking the File Length | 69 |
| Attempted Fix 2: Don't Store the File in Memory | 69 |
| Fix: Don't Store the File in Memory, and Impose a Download Limit | 70 |
| Secure by Default | 71 |
| Simplicity | 72 |
| Usability | 73 |
| Security Features Do Not Imply Security | 74 |
| Exercises for Part 1 | 77 |
| **Secure Programming Techniques** | |
| Worms and Other Malware | 83 |
| What Is a Worm? | 83 |
| An Abridged History of Worms | 84 |
| The Morris Worm: What It Did | 84 |
| The Morris Worm: What We Learned | 85 |
| The Creation of CERT | 86 |
| The Code Red Worm | 86 |
| The Nimda Worm | 87 |
| The Blaster and SQL Slammer Worms | 87 |
| More Malware | 89 |
| Buffer Overflows | 93 |
| Anatomy of a Buffer Overflow | 93 |
| A Small Example | 94 |
| A More Detailed Example | 94 |
| The safe_gets() Function | 98 |
| Safe String Libraries | 100 |
| Additional Approaches | 101 |
| StackGuard | 101 |
| Static Analysis Tools | 102 |
| Performance | 103 |
| Heap-Based Overflows | 103 |
| Other Memory Corruption Vulnerabilities | 103 |
| Format String Vulnerabilities | 104 |
| Integer Overflows | 104 |
| Client-State Manipulation | 107 |
| Pizza Delivery Web Site Example | 108 |
| Attack Scenario | 110 |
| Solution 1: Authoritative State Stays at Server | 112 |
| Solution 2: Signed State Sent to Client | 114 |
| Using HTTP POST Instead of GET | 117 |
| Cookies | 119 |
| JavaScript | 121 |
| SQL Injection | 123 |
| Attack Scenario | 124 |
| Solutions | 130 |
| Why Blacklisting Does Not Work | 130 |
| Whitelisting-Based Input Validation | 132 |
| Escaping | 132 |
| Second Order SQL Injection | 133 |
| Prepared Statements and Bind Variables | 134 |
| Mitigating the Impact of SQL Injection Attacks | 136 |
| Password Security | 139 |
| A Strawman Proposal | 139 |
| Hashing | 141 |
| Offline Dictionary Attacks | 143 |
| Salting | 144 |
| Online Dictionary Attacks | 150 |
| Additional Password Security Techniques | 151 |
| Strong Passwords | 151 |
| "Honeypot" Passwords | 151 |
| Password Filtering | 151 |
| Aging Passwords | 152 |
| Pronounceable Passwords | 152 |
| Limited Login Attempts | 152 |
| Artificial Delays | 152 |
| Last Login | 153 |
| Image Authentication | 153 |
| One-Time Passwords | 154 |
| Cross-Domain Security in Web Applications | 155 |
| Interaction Between Web Pages from Different Domains | 156 |
| HTML, JavaScript, and the Same-Origin Policy | 156 |
| Possible Interactions of Documents from Different Origins | 157 |
| HTTP Request Authentication | 159 |
| Lifetime of Cached Cookies and HTTP Authentication Credentials | 160 |
| Attack Patterns | 161 |
| Cross-Site Request Forgery (XSRF) | 162 |
| Cross-Site Script Inclusion (XSSI) | 164 |
| Cross-Site Scripting (XSS) | 165 |
| Preventing XSRF | 169 |
| Inspecting Referer Headers | 170 |
| Validation via User-Provided Secret | 170 |
| Validation via Action Token | 171 |
| Security Analysis of the Action Token Scheme | 173 |
| Preventing XSSI | 176 |
| Authentication via Action Token | 176 |
| Restriction to POST Requests | 177 |
| Preventing Resource Access for Cost Reasons | 177 |
| Preventing XSS | 178 |
| General Considerations | 179 |
| Simple Text | 180 |
| Tag Attributes (e.g., Form Field Value Attributes) | 181 |
| URL Attributes (href and src) | 183 |
| Style Attributes | 185 |
| Within Style Tags | 186 |
| In JavaScript Context | 186 |
| JavaScript-Valued Attributes | 189 |
| Redirects, Cookies, and Header Injection | 190 |
| Filters for "Safe" Subsets of HTML | 191 |
| Unspecified Charsets, Browser-Side Charset Guessing, and UTF-7 XSS Attacks | 192 |
| Non-HTML Documents and Internet Explorer Content-Type Sniffing | 193 |
| Mitigating the Impact of XSS Attacks | 194 |
| Exercises for Part 2 | 197 |
| **Introduction to Cryptography** | |
| Symmetric Key Cryptography | 203 |
| Introduction to Encryption | 204 |
| Substitution Ciphers | 204 |
| Notation and Terminology | 205 |
| Block Ciphers | 205 |
| Security by Obscurity: Recap | 208 |
| Encrypting More Data | 208 |
| AES Code Example | 210 |
| Stream Ciphers | 217 |
| One-Time Pad | 217 |
| RC4 | 217 |
| Steganography | 219 |
| What Is Steganography? | 219 |
| Steganography vs. Cryptography | 220 |
| Asymmetric Key Cryptography | 221 |
| Why Asymmetric Key Cryptography? | 221 |
| RSA | 223 |
| Elliptic Curve Cryptography (ECC) | 223 |
| Symmetric vs. Asymmetric Key Cryptography | 224 |
| Certificate Authorities | 224 |
| Identity-Based Encryption (IBE) | 225 |
| Authentication with Encryption | 225 |
| Key Management and Exchange | 227 |
| Types of Keys | 227 |
| Identity Keys | 227 |
| Conversation or Session Keys | 227 |
| Integrity Keys | 228 |
| Key Generation | 228 |
| Random Number Generation | 229 |
| The rand() Function | 230 |
| Random Device Files | 230 |
| Random APIs | 231 |
| Key (Secret) Storage | 231 |
| Keys in Source Code | 231 |
| Storing the Key in a File on Disk | 233 |
| "Hard to Reach" Places | 233 |
| Storing Secrets in External Devices | 233 |
| Key Agreement and Exchange | 235 |
| Using Asymmetric Keys | 236 |
| Diffie-Hellman (DH) | 236 |
| MACs and Signatures | 239 |
| Secure Hash Functions | 239 |
| Message Authentication Codes (MACs) | 240 |
| CBC MACs | 240 |
| HMAC | 241 |
| Signatures | 242 |
| Certificates and Certificate Authorities (CAs) | 243 |
| Signing and Verifying | 246 |
| Registration Authorities (RAs) | 246 |
| Web of Trust | 247 |
| Attacks Against Hash Functions | 247 |
| SSL | 247 |
| Server-Authenticated-Only | 248 |
| Mutual Authentication | 249 |
| Exercises for Part 3 | 251 |
| **Appendixes** | |
| Defense-in-Depth: The FLI Model | 255 |
| Protecting Against Failure | 256 |
| Protecting Against Lies | 257 |
| Protecting Against Infiltration | 257 |
| Other Techniques | 258 |
| Using an FLI-like Model | 258 |
| References | 258 |
| Source Code Listings | 261 |
| References | 267 |
| Index | 277 |

Table of Contents provided by Ingram. All Rights Reserved.