rent-now

Rent More, Save More! Use code: ECRENTAL

5% off 1 book, 7% off 2 books, 10% off 3+ books

9781584503583

Software Vulnerability Guide

by
  • ISBN13:

    9781584503583

  • ISBN10:

    1584503580

  • Edition: CD
  • Format: Paperback
  • Copyright: 2005-06-03
  • Publisher: Cengage Learning
  • Purchase Benefits
  • Free Shipping Icon Free Shipping On Orders Over $35!
    Your order must be $35 or more to qualify for free economy shipping. Bulk sales, PO's, Marketplace items, eBooks and apparel do not qualify for this offer.
  • eCampus.com Logo Get Rewarded for Ordering Your Textbooks! Enroll Now
  • Write a Review Icon Write a Review
List Price: $49.95
We're Sorry.
No Options Available at This Time.

Summary

In today's market, secure software is a must for consumers. Many developers, however, are not familiar with the techniques needed to produce secure code or detect existing vulnerabilities. The Software Vulnerability Guide helps developers and testers better understand the underlying security flaws in software and provides an easy-to-use reference for security bugs. Most of these bugs (and the viruses, worms, and exploits that derive from them) start out as programmer mistakes. With this guide, professional programmers and testers will learn how to find, fix, and prevent these vulnerabilities before their software reaches the market. Detailed explanations and examples are provided for each of the vulnerabilities, as well as a summary sheet that can be referenced quickly. Tools that make it easier to recognize and prevent vulnerabilities are also explored, and source code snippets, commentary, and techniques are provided in easy-to-read sidebars. This guide is a must have for today's software developers.

Author Biography

Herbert Thompson (Melbourne Beach, FL) is the Director of Security Technology at Security Innovation LLC and serves on the graduate faculty of the Florida Institute for Technology Scott Chase (Melbourne, FL) is Security Architect at SI Government Solutions, where he manages key research projects for the US government

Table of Contents

Acknowledgmentsp. xiii
Introductionp. 1
A Call to Actionp. 3
Security as a Call to Action for Developersp. 4
Why Care about Securityp. 6
Thinking Differently about Securityp. 8
Entering the Era of Software Securityp. 9
Why We Wrote This Book and Why You Should Read Itp. 10
How This Book Is Structuredp. 13
Who We Arep. 17
Referencesp. 18
Security Backgroundp. 19
Hacker versus Cracker versus Attacker: The Language of Computer Securityp. 20
Legal and Ethical Issues Surrounding Computer Securityp. 23
Federal Laws Related to Illegal Computer Usep. 23
Ethical Reporting of Security Vulnerabilitiesp. 26
Networking Basicsp. 26
Networking Referencesp. 35
Referencesp. 36
Some Useful Toolsp. 37
Security Scannersp. 38
Comprehensive Scanning Toolsp. 38
Nmap and Network Scannersp. 41
Packet Sniffing and Spoofingp. 42
Hacking and Cracking Toolsp. 44
Password Crackersp. 45
Packet Generation and Replayp. 45
Network Fuzzingp. 46
Web Site Test Toolsp. 47
Reverse Engineering Toolsp. 47
Source and Binary Scannersp. 48
Specialty Editorsp. 49
API and System Monitorsp. 49
Disassemblersp. 50
Using Debuggers for Security Testingp. 50
Commercial Toolsp. 53
Retinap. 53
AppScanp. 53
WebProxyp. 53
Holodeckp. 53
For More Informationp. 55
System-Level Attacksp. 57
Problems with Permissionsp. 59
The Bell-Lapadula Modelp. 60
Descriptionp. 62
Finding Programs with the Supervisor Bit Setp. 64
Attacking Supervisor Mode Programs by Finding Side-Effect Functionalityp. 64
Attacking Supervisor Mode Programs by Exploiting a Buffer Overrunp. 67
Windows: Not Immune From, but Less Prone to, Escalation of Privilegep. 68
Fixing This Vulnerabilityp. 69
The setuid() and seteuid() System Callsp. 69
Summary Sheet-Running with Elevated Privilegep. 70
Referencesp. 71
Permitting Default or Weak Passwordsp. 73
Finding Default and Weak Passwordsp. 75
Building a Password Crackerp. 76
Using a Dictionary Helperp. 78
Writing the Main Crack Routinep. 80
Putting It Togetherp. 83
Fixing This Vulnerabilityp. 83
Summary Sheet-Permitting Default of Weak Passwordsp. 85
Referencesp. 86
Shells, Scripts, and Macrosp. 87
Descriptionp. 88
Embedded Script Languages and Command Interpretersp. 89
Document Markupp. 90
JavaScriptp. 90
Safe for Scripting ActiveX Controlsp. 91
Database Stored Proceduresp. 91
Macro Expansion in Logs and Messagesp. 91
Fixing This Problemp. 92
Summary Sheet-Shells, Scripts, and Macrosp. 93
Referencesp. 94
Dynamic Linking and Loadingp. 95
Finding This Vulnerabilityp. 100
Fixing This Vulnerabilityp. 101
Explicit Linking and Loading of a DLLp. 102
Summary Sheet-Dynamic Linking and Loadingp. 103
Referencesp. 104
Data Parsingp. 105
Buffer Overflow Vulnerabilitiesp. 107
Stack Overflowsp. 109
Exploiting Stack Overflowsp. 113
Heap Overflowsp. 116
Exploiting Buffer Overflows: Beyond the Stackp. 122
Finding This Vulnerabilityp. 127
White-Box Testing Techniques and Toolsp. 128
Black-Box Testing Techniques and Toolsp. 128
Fixing This Vulnerabilityp. 130
Summary Sheet-Buffer Overflowsp. 131
Endnotesp. 132
Referencesp. 132
Proprietary Formats and Protocolsp. 133
Descriptionp. 134
Same Data, Many Formatsp. 135
Using "Fuzzing" to Find Vulnerabilities in File Formats and Protocolsp. 138
Preventing Problems with Proprietary Formats and Protocolsp. 147
Summary Sheet-Proprietary Formats and Protocolsp. 148
Format String Vulnerabilitiesp. 151
The Format Familyp. 156
Exploiting Format String Vulnerabilitiesp. 158
Finding This Vulnerabilityp. 168
Fixing This Vulnerabilityp. 169
Summary Sheet-Format String Vulnerabilitiesp. 170
Referencesp. 171
Integer Overflow Vulnerabilitiesp. 173
Exploiting Integer Overflow Vulnerabilitiesp. 179
Finding This Vulnerabilityp. 179
Fixing This Vulnerabilityp. 181
Summary Sheet-Integer Overflowsp. 182
Referencesp. 183
Information Disclosurep. 185
Storing Passwords in Plain Textp. 187
Finding This Vulnerabilityp. 188
Fixing This Vulnerabilityp. 196
Using the Unix Password Hashing Functionsp. 197
Using CryptCreateHash and CryptHashData in Windowsp. 198
Summary Sheet-Storing Passwords in Plain Textp. 198
Referencesp. 200
Creating Temporary Filesp. 201
Finding This Vulnerabilityp. 206
Fixing This Vulnerabilityp. 207
Summary Sheet-Creating Temporary Filesp. 207
Referencesp. 209
Leaving Things in Memoryp. 211
Descriptionp. 212
Finding Exposed Data in Memoryp. 214
Fixing This Problemp. 221
Summary Sheet-Leaving Things in Memoryp. 221
Endnotep. 222
Referencesp. 222
The Swap File and Incomplete Deletesp. 223
Using a Disk Editor to Find Confidential Data Fragmentsp. 226
Fixing This Problemp. 230
Summary Sheet-The Swap File and Incomplete Deletesp. 232
On the Wirep. 235
Spoofing and Man-in-the-Middle Attacksp. 237
Finding Spoofing and Man-in-the-Middle Attacksp. 238
Connection Hijackingp. 240
Name Server Cache Poisoningp. 247
Spoofing at the Application Levelp. 250
Other Kinds of Man-in-the-Middle Attacks: DHCP and 802.11p. 252
Preventing Spoofing and Man-in-the-Middle Attacksp. 252
Summary Sheet-Spoofing and Man-in-the-Middle Attacksp. 252
Referencesp. 254
Volunteering Too Much Informationp. 255
Finding This Vulnerabilityp. 260
Fixing This Vulnerabilityp. 261
Summary Sheet-Revealing Too Much Informationp. 263
Web Sitesp. 265
Cross-Site Scriptingp. 267
Finding Cross-Site Scripting Vulnerabilitiesp. 271
Fixing This Vulnerabilityp. 274
Preventing More Advanced Cross-Site Scripting Vulnerabilitiesp. 275
HTML-Encoding Outputp. 275
Summary Sheet-Cross-Site Scriptingp. 276
Forceful Browsingp. 277
Descriptionp. 278
Finding Forceful Browsing Vulnerabilitiesp. 281
Building a Forceful Browsing Test Toolp. 283
Preventing Forceful Browsingp. 295
Summary Sheet-Forceful Browsingp. 295
Parameter Tampering, Cookie Poisoning, and Hidden Field Manipulationp. 297
Cookie Valuesp. 301
Form Datap. 302
Query Stringsp. 306
HTTP Header Tamperingp. 306
Finding This Vulnerabilityp. 307
Fixing This Vulnerabilityp. 308
Summary Sheet-Parameter Tampering, Cookie Poisoning, and Hidden Field Manipulationp. 309
Referencesp. 310
SQL Injection Vulnerabilitiesp. 311
Exploiting Sites Through SQL Injectionp. 316
Finding This Vulnerabilityp. 319
Index.htmlp. 320
Process.aspp. 321
Fixing This Vulnerabilityp. 322
Process.aspp. 322
Summary Sheet-SQL Injectionp. 323
Referencesp. 324
Additional Browser Security Issuesp. 325
The Domain Security Modelp. 326
Unsafe ActiveX Controlsp. 328
Spoofing of URLs in the Browserp. 329
MIME Type Spoofingp. 330
Uncommon URL Schemesp. 330
Browser Helper Objectsp. 331
Summary Sheet-Additional Browser Security Issuesp. 331
Conclusionp. 333
Conclusionp. 335
Learning from Vulnerabilitiesp. 338
Where to Go Nextp. 338
Referencesp. 339
About the CD-ROMp. 341
Open Source Software Licensesp. 343
Indexp. 349
Table of Contents provided by Ingram. All Rights Reserved.

Supplemental Materials

What is included with this book?

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.

Rewards Program