Imperial Library
Index
About the Authors
Preface
Acknowledgments
I. Introduction to Software Security Assessment
1. Software Vulnerability Fundamentals
Introduction
Vulnerabilities
Security Policies
Security Expectations
The Necessity of Auditing
Auditing Versus Black Box Testing
Code Auditing and the Development Life Cycle
Classifying Vulnerabilities
Design Vulnerabilities
Implementation Vulnerabilities
Operational Vulnerabilities
Gray Areas
Common Threads
Input and Data Flow
Trust Relationships
Assumptions and Misplaced Trust
Interfaces
Environmental Attacks
Exceptional Conditions
Summary
2. Design Review
Introduction
Software Design Fundamentals
Algorithms
Abstraction and Decomposition
Trust Relationships
Principles of Software Design
Fundamental Design Flaws
Enforcing Security Policy
Authentication
Authorization
Accountability
Confidentiality
Integrity
Availability
Threat Modeling
Information Collection
Application Architecture Modeling
Threat Identification
Documentation of Findings
Prioritizing the Implementation Review
Summary
3. Operational Review
Introduction
Exposure
Attack Surface
Insecure Defaults
Access Control
Unnecessary Services
Secure Channels
Spoofing and Identification
Network Profiles
Web-Specific Considerations
HTTP Request Methods
Directory Indexing
File Handlers
Authentication
Default Site Installations
Overly Verbose Error Messages
Public-Facing Administrative Interfaces
Protective Measures
Development Measures
Host-Based Measures
Network-Based Measures
Summary
4. Application Review Process
Introduction
Overview of the Application Review Process
Rationale
Process Outline
Preassessment
Scoping
Application Access
Information Collection
Application Review
Avoid Drowning
Iterative Process
Initial Preparation
Plan
Work
Reflect
Documentation and Analysis
Reporting and Remediation Support
Code Navigation
External Flow Sensitivity
Tracing Direction
Code-Auditing Strategies
Code Comprehension Strategies
Candidate Point Strategies
Design Generalization Strategies
Code-Auditing Techniques
Internal Flow Analysis
Subsystem and Dependency Analysis
Rereading Code
Desk-Checking
Test Cases
Code Auditor’s Toolbox
Source Code Navigators
Debuggers
Binary Navigation Tools
Fuzz-Testing Tools
Case Study: OpenSSH
Preassessment
Implementation Analysis
High-Level Attack Vectors
Documentation of Findings
Summary
II. Software Vulnerabilities
5. Memory Corruption
Introduction
Buffer Overflows
Process Memory Layout
Stack Overflows
Off-by-One Errors
Heap Overflows
Global and Static Data Overflows
Shellcode
Writing the Code
Finding Your Code in Memory
Protection Mechanisms
Stack Cookies
Heap Implementation Hardening
Nonexecutable Stack and Heap Protection
Address Space Layout Randomization
SafeSEH
Function Pointer Obfuscation
Assessing Memory Corruption Impact
Where Is the Buffer Located in Memory?
What Other Data Is Overwritten?
How Many Bytes Can Be Overwritten?
What Data Can Be Used to Corrupt Memory?
Are Memory Blocks Shared?
What Protections Are in Place?
Summary
6. C Language Issues
Introduction
C Language Background
Data Storage Overview
Binary Encoding
Byte Order
Common Implementations
Arithmetic Boundary Conditions
Unsigned Integer Boundaries
Signed Integer Boundaries
Type Conversions
Overview
Conversion Rules
Simple Conversions
Integer Promotions
Integer Promotion Applications
Usual Arithmetic Conversions
Usual Arithmetic Conversion Applications
Type Conversion Summary
Type Conversion Vulnerabilities
Signed/Unsigned Conversions
Sign Extension
Truncation
Comparisons
Operators
The sizeof Operator
Unexpected Results
Pointer Arithmetic
Pointer Overview
Pointer Arithmetic Overview
Vulnerabilities
Other C Nuances
Order of Evaluation
Structure Padding
Precedence
Macros/Preprocessor
Typos
Summary
7. Program Building Blocks
Introduction
Auditing Variable Use
Variable Relationships
Structure and Object Mismanagement
Variable Initialization
Arithmetic Boundaries
Type Confusion
Lists and Tables
Auditing Control Flow
Looping Constructs
Flow Transfer Statements
Switch Statements
Auditing Functions
Function Audit Logs
Return Value Testing and Interpretation
Function Side-Effects
Argument Meaning
Auditing Memory Management
ACC Logs
Allocation Functions
Allocator Scorecards and Error Domains
Double-Frees
Summary
8. Strings and Metacharacters
Introduction
C String Handling
Unbounded String Functions
Bounded String Functions
Common Issues
Metacharacters
Embedded Delimiters
NUL Character Injection
Truncation
Common Metacharacter Formats
Path Metacharacters
C Format Strings
Shell Metacharacters
Perl open()
SQL Queries
Metacharacter Filtering
Eliminating Metacharacters
Escaping Metacharacters
Metacharacter Evasion
Character Sets and Unicode
Unicode
Windows Unicode Functions
Summary
9. UNIX I: Privileges and Files
Introduction
UNIX 101
Users and Groups
Files and Directories
Processes
Privilege Model
Privileged Programs
User ID Functions
Group ID Functions
Privilege Vulnerabilities
Reckless Use of Privileges
Dropping Privileges Permanently
Dropping Privileges Temporarily
Auditing Privilege-Management Code
Privilege Extensions
File Security
File IDs
File Permissions
Directory Permissions
Privilege Management with File Operations
File Creation
Directory Safety
Filenames and Paths
Dangerous Places
Interesting Files
File Internals
File Descriptors
Inodes
Directories
Links
Symbolic Links
Hard Links
Race Conditions
TOCTOU
The stat() Family of Functions
File Race Redux
Permission Races
Ownership Races
Directory Races
Temporary Files
Unique File Creation
File Reuse
Temporary Directory Cleaners
The Stdio File Interface
Opening a File
Reading from a File
Writing to a File
Closing a File
Summary
10. UNIX II: Processes
Introduction
Processes
Process Creation
fork() Variants
Process Termination
fork() and Open Files
Program Invocation
Direct Invocation
Indirect Invocation
Process Attributes
Process Attribute Retention
Resource Limits
File Descriptors
Environment Arrays
Process Groups, Sessions, and Terminals
Interprocess Communication
Pipes
Named Pipes
System V IPC
UNIX Domain Sockets
Remote Procedure Calls
RPC Definition Files
RPC Decoding Routines
Authentication
Summary
11. Windows I: Objects and the File System
Introduction
Background
Objects
Object Namespaces
Object Handles
Sessions
Security IDs
Logon Rights
Access Tokens
Security Descriptors
Access Masks
ACL Inheritance
Security Descriptors Programming Interfaces
Auditing ACL Permissions
Processes and Threads
Process Loading
ShellExecute and ShellExecuteEx
DLL Loading
Services
File Access
File Permissions
The File I/O API
Links
The Registry
Key Permissions
Key and Value Squatting
Summary
12. Windows II: Interprocess Communication
Introduction
Windows IPC Security
The Redirector
Impersonation
Window Messaging
Window Stations Object
The Desktop Object
Window Messages
Shatter Attacks
DDE
Terminal Sessions
Pipes
Pipe Permissions
Named Pipes
Pipe Creation
Impersonation in Pipes
Pipe Squatting
Mailslots
Mailslot Permissions
Mailslot Squatting
Remote Procedure Calls
RPC Connections
RPC Transports
Microsoft Interface Definition Language
IDL File Structure
Application Configuration Files
RPC Servers
Impersonation in RPC
Context Handles and State
Threading in RPC
Auditing RPC Applications
COM
COM: A Quick Primer
DCOM Configuration Utility
DCOM Application Identity
DCOM Subsystem Access Permissions
DCOM Access Controls
Impersonation in DCOM
MIDL Revisited
Active Template Library
Auditing DCOM Applications
ActiveX Security
Summary
13. Synchronization and State
Introduction
Synchronization Problems
Reentrancy and Asynchronous-Safe Code
Race Conditions
Starvation and Deadlocks
Process Synchronization
System V Process Synchronization
Windows Process Synchronization
Vulnerabilities with Interprocess Synchronization
Signals
Sending Signals
Handling Signals
Jump Locations
Signal Vulnerabilities
Signals Scoreboard
Threads
PThreads API
Windows API
Threading Vulnerabilities
Summary
III. Software Vulnerabilities in Practice
14. Network Protocols
Introduction
Internet Protocol
IP Addressing Primer
IP Packet Structures
Basic IP Header Validation
IP Options Processing
Source Routing
Fragmentation
User Datagram Protocol
Basic UDP Header Validation
UDP Issues
Transmission Control Protocol
Basic TCP Header Validation
TCP Options Processing
TCP Connections
TCP Streams
TCP Processing
Summary
15. Firewalls
Introduction
Overview of Firewalls
Proxy Versus Packet Filters
Attack Surface
Proxy Firewalls
Packet-Filtering Firewalls
Stateless Firewalls
TCP
UDP
FTP
Fragmentation
Simple Stateful Firewalls
TCP
UDP
Directionality
Fragmentation
Stateful Inspection Firewalls
Layering Issues
Spoofing Attacks
Spoofing from a Distance
Spoofing Up Close
Spooky Action at a Distance
Summary
16. Network Application Protocols
Introduction
Auditing Application Protocols
Collect Documentation
Identify Elements of Unknown Protocols
Match Data Types with the Protocol
Data Verification
Access to System Resources
Hypertext Transfer Protocol
Header Parsing
Accessing Resources
Utility Functions
Posting Data
Internet Security Association and Key Management Protocol
Payloads
Payload Types
Encryption Vulnerabilities
Abstract Syntax Notation (ASN.1)
Basic Encoding Rules
Canonical Encoding and Distinguished Encoding
Vulnerabilities in BER, CER, and DER Implementations
Packed Encoding Rules (PER)
XML Encoding Rules
XER Vulnerabilities
Domain Name System
Domain Names and Resource Records
Name Servers and Resolvers
Zones
Resource Record Conventions
Basic Use Case
DNS Protocol Structure Primer
DNS Names
Length Variables
DNS Spoofing
Summary
17. Web Applications
Introduction
Web Technology Overview
The Basics
Static Content
CGI
Web Server APIs
Server-Side Includes
Server-Side Transformation
Server-Side Scripting
HTTP
Overview
Versions
Headers
Methods
Parameters and Forms
State and HTTP Authentication
Overview
Client IP Addresses
Referer Request Header
Embedding State in HTML and URLs
HTTP Authentication
Cookies
Sessions
Architecture
Redundancy
Presentation Logic
Business Logic
N-Tier Architectures
Business Tier
Web Tier: Model-View-Controller
Problem Areas
Client Visibility
Client Control
Page Flow
Sessions
Authentication
Authorization and Access Control
Encryption and SSL/TLS
Phishing and Impersonation
Common Vulnerabilities
SQL Injection
OS and File System Interaction
XML Injection
XPath Injection
Cross-Site Scripting
Threading Issues
C/C++ Problems
Harsh Realities of the Web
Auditing Strategy
Summary
18. Web Technologies
Introduction
Web Services and Service-Oriented Architecture
SOAP
REST
AJAX
Web Application Platforms
CGI
Indexed Queries
Environment Variables
Path Confusion
Perl
SQL Injection
File Access
Shell Invocation
File Inclusion
Inline Evaluation
Cross-Site Scripting
Taint Mode
PHP
SQL Injection
File Access
Shell Invocation
File Inclusion
Inline Evaluation
Cross-Site Scripting
Configuration
Java
SQL Injection
File Access
Shell Invocation
File Inclusion
JSP File Inclusion
Inline Evaluation
Cross-Site Scripting
Threading Issues
Configuration
ASP
SQL Injection
File Access
Shell Invocation
File Inclusion
Inline Evaluation
Cross-Site Scripting
Configuration
ASP.NET
SQL Injection
File Access
Shell Invocation
File Inclusion
Inline Evaluation
Cross-Site Scripting
Configuration
ViewState
Summary
Bibliography
Index