Index
Foreword
Preface
Acknowledgments
About the Authors
Part I: Introduction
1 Case Your Own Joint: A Paradigm Shift from Traditional Software Testing
Security Testing Versus Traditional Software Testing
SQL Injection Attack Pattern
The Paradigm Shift of Security Testing
High-Level Security Testing Strategies
The Fault Injection Model of Testing: Testers as Detectives
Think Like an Attacker
Prioritizing Your Work
Take the Easy Road: Using Tools to Aid in the Detective Work
Learn from the Vulnerability Tree of Knowledge
Testing Recipe: Summary
Endnotes
2 How Vulnerabilities Get into All Software
Design Versus Implementation Vulnerabilities
Common Secure Design Issues
Poor Use of Cryptography
Tracking Users and Their Permissions
Flawed Input Validation
Weak Structural Security
Other Design Flaws
Programming Language Implementation Issues
Compiled Language: C/C++
Interpreted Languages: Shell Scripting and PHP
Virtual Machine Languages: Java and C#
Platform Implementation Issues
Problem: Symbolic Linking
Problem: Directory Traversal
Problem: Character Conversions
Generic Application Security Implementation Issues
SQL Injection
Cross-Site Scripting
Problems During the Development Process
Poorly Documented Security Requirements and Assumptions
Poor Communication and Documentation
Lack of Security Processes During the Development Process
Weak Deployment
Vulnerability Root Cause Taxonomy
Summary: Testing Notes
Endnotes
3 The Secure Software Development Lifecycle
Fitting Security Testing into the Software Development Lifecycle
SSDL Phase 1: Security Guidelines, Rules, and Regulations
SSDL Phase 2: Security Requirements: Attack Use Cases
Sample Security Requirements
SSDL Phase 3: Architectural and Design Reviews/Threat Modeling
SSDL Phase 4: Secure Coding Guidelines
SSDL Phase 5: Black/Gray/White Box Testing
SSDL Phase 6: Determining Exploitability
Deploying Applications Securely
Patch Management: Managing Vulnerabilities
Roles and Responsibilities
SSDL Relationship to System Development Lifecycle
Summary
Endnotes
4 Risk-Based Security Testing: Prioritizing Security Testing with Threat Modeling
Information Gathering
Meeting with the Architects
Runtime Inspection
Windows Platform
UNIX Footprinting
Finalizing Information Gathering
The Modeling Process
Identifying Threat Paths
Identifying Threats
Identifying Vulnerabilities
Ranking the Risk Associated with a Vulnerability
Determining Exploitability
Endnote
5 Shades of Analysis: White, Gray, and Black Box Testing
White Box Testing
Black Box Testing
Gray Box Testing
Setting Up a Lab for Testing
Fuzzers
Sniffers
Debuggers
Hardware
Commercial Testing Appliances
Network Hardware
Staging Application Attacks
Lab Environment
Network Attacks
Endnote
Part II: Performing the Attacks
6 Generic Network Fault Injection
Networks
Port Discovery
netstat and Local Tools
Port Scanning
Proxies
The Simplest Proxy: Random TCP/UDP Fault Injector
Building the Fault Injection Data Set
Man-in-the-Middle Proxies
Conclusion
Summary
Endnotes
7 Web Applications: Session Attacks
Targeting the Application
Authentication Versus Authorization
Brute-Forcing Session and Resource IDs
Cookie Gathering
Determining SID Strength: Phase Space Analysis
Cross-Site Scripting
Conclusion
Summary
Endnote
8 Web Applications: Common Issues
Bypassing Authorization
SQL Injection
The Basics
Database Schema Discovery
Executing Commands on the SQL Server
Uploading Executable Content (ASP/PHP/bat)
File Enumeration
Source Code Disclosure Vulnerabilities
Hidden Fields in HTTP
Conclusion
Summary
Endnotes
9 Web Proxies: Using WebScarab
WebScarab Proxy
Conclusion
Summary
Endnotes
10 Implementing a Custom Fuzz Utility
Protocol Discovery
SOAP and the WSDL
The SOAPpy Library
Conclusion
Summary
Endnotes
11 Local Fault Injection
Local Resources and Interprocess Communication
Windows NT Objects
UNIX set-user-id Processes and Interprocess Communication
Threat-Modeling Local Applications
Enumerating Windows Application Resources
Enumerating UNIX Application Resources
Testing Scriptable ActiveX Object Interfaces
Identifying “Safe” Scriptable Objects
Testing Object Interfaces
Manual Interface Testing
Automated ActiveX Interface Testing
Evaluating Crashes
Fuzzing File Formats
File Corruption Testing
Automated File Corruption
Command-Line Utility Fuzzing
Immunity ShareFuzz
Brute-Force Binary Tester
CLI Fuzz
Shared Memory
Summary
Endnotes
Part III: Analysis
12 Determining Exploitability
Classifying a Vulnerability
Time
Reliability/Reproducibility
Access
Positioning
Memory Trespass and Arbitrary Code Execution
Computer Architecture
The Stack
Stack Buffer Overflows
The Heap
Determining Exploitability
Process Crash Dumps
Controlled Memory and Registers
Mitigating Factors: Stack and Heap Protections
Further Resources
Index