The software vulnerability guide

In today's market, secure software is a must for consumers. Many developers, however, are not familiar with the techniques needed to produce secure code or detect existing vulnerabilities. The Software Vulnerability Guide helps developers and testers better understand the underlying security flaws in software and provides an easy-to-use reference for security bugs. Most of these bugs (and the viruses, worms, and exploits that derive from them) start out as programmer mistakes. With this guide, professional programmers and testers will learn how to find, fix, and prevent these vulnerabilities before their software reaches the market. Detailed explanations and examples are provided for each of the vulnerabilities, as well as a summary sheet that can be referenced quickly. Tools that make it easier to recognize and prevent vulnerabilities are also explored, and source code snippets, commentary, and techniques are provided in easy-to-read sidebars. This guide is a must have for today's software developers.

Acknowledgments PART I INTRODUCTION 1 A Call to Action Security as a Call to Action for Developers Why Care about Security Thinking Differently about Security Entering the Era of Software Security Why We Wrote This Book and Why You Should Read It How This Book Is Structured Who We Are 2 Security Background Hacker versus Cracker versus Attacker: The Language of Computer Security Legal and Ethical Issues Surrounding Computer Security Federal Laws Related to Illegal Computer Use Ethical Reporting of Security Vulnerabilities Networking Basics Networking References 3 Some Useful Tools Security Scanners Comprehensive Scanning Tools Nmap and Network Scanners Packet Sniffing and Spoofing Hacking and Cracking Tools Password Crackers Packet Generation and Replay Network Fuzzing Web Site Test Tools Reverse Engineering Tools Source and Binary Scanners Specialty Editors API and System Monitors Disassemblers Using Debuggers for Security Testing Commercial Tools Retina AppScan WebProxy Holodeck For More Information PART II SYSTEM-LEVEL ATTACKS 4 Problems with Permissions The Bell-Lapadula Model Finding Programs with the Supervisor Bit Set 64 Attacking Supervisor Mode Programs by Finding Side-Effect Functionality Attacking Supervisor Mode Programs by Exploiting a Buffer Overrun Windows: Not Immune From, but Less Prone to, Escalation of Privilege Fixing This Vulnerability The setuid() and seteuid() System Calls Summary Sheet-Running with Elevated Privilege 5 Permitting Default or Weak Passwords Finding Default and Weak Passwords Building a Password Cracker Using a Dictionary Helper Writing the Main Crack Routine Putting It Together Fixing This Vulnerability Summary Sheet-Permitting Default of Weak Passwords 6 Shells, Scripts, and Macros Description Embedded Script Languages and Command Interpreters Document Markup JavaScript Safe for Scripting ActiveX Controls Database Stored Procedures Macro Expansion in Logs and Messages Fixing This Problem 7 Dynamic Linking and Loading Finding This Vulnerability Fixing This Vulnerability Explicit Linking and Loading of a DLL Summary Sheet-Dynamic Linking and Loading PART III DATA PARSING 8 Buffer Overflow Vulnerabilities Stack Overflows Exploiting Stack Overflows Heap Overflows Exploiting Buffer Overflows: Beyond the Stack Finding This Vulnerability White-Box Testing Techniques and Tools Black-Box Testing Techniques and Tools Fixing This Vulnerability Summary Sheet-Buffer Overflows 9 Proprietary Formats and Protocols Same Data, Many Formats Using "Fuzzing" to Find Vulnerabilities in File Formats and Protocols Preventing Problems with Proprietary Formats and Protocols Summary Sheet-Proprietary Formats and Protocols 10 Format String Vulnerabilities The Format Family Exploiting Format String Vulnerabilities Finding This Vulnerability Fixing This Vulnerability Summary Sheet-Format String Vulnerabilities 11 Integer Overflow Vulnerabilities Exploiting Integer Overflow Vulnerabilities Finding This Vulnerability Fixing This Vulnerability Summary Sheet-Integer Overflows PART IV INFORMATION DISCLOSURE 12 Storing Passwords in Plain Text Finding This Vulnerability Fixing This Vulnerability Using the Unix Password Hashing Functions Using CryptCreateHash and CryptHashData in Windows Summary Sheet-Storing Passwords in Plain Text 13 Creating Temporary Files Finding This Vulnerability Fixing This Vulnerability Summary Sheet-Creating Temporary Files 14 Leaving Things in Memory Description Finding Exposed Data in Memory Fixing This Problem Summary Sheet-Leaving Things in Memory 15 The Swap File and Incomplete Deletes Using a Disk Editor to Find Confidential Data Fragments Fixing This Problem Summary Sheet-The Swap File and Incomplete Deletes PART V ON THE WIRE 16 Spoofing and Man-in-the-Middle Attacks Finding Spoofing and Man-in-the-Middle Attacks Connection Hijacking Name Server Cache Poisoning Spoofing at the Application Level Other Kinds of Man-in-the-Middle Attacks: DHCP and 802.11 Preventing Spoofing and Man-in-the-Middle Attacks Summary Sheet-Spoofing and Man-in-the-Middle Attacks 17 Volunteering Too Much Information Finding This Vulnerability Fixing This Vulnerability Summary Sheet-Revealing Too Much Information PART VI WEB SITES 18 Cross-Site Scripting Finding Cross-Site Scripting Vulnerabilities Fixing This Vulnerability Preventing More Advanced Cross-Site Scripting Vulnerabilities HTML-Encoding Output Summary Sheet-Cross-Site Scripting 19 Forceful Browsing Description Finding Forceful Browsing Vulnerabilities Building a Forceful Browsing Test Tool Preventing Forceful Browsing Summary Sheet-Forceful Browsing 20 Parameter Tampering, Cookie Poisoning, and Hidden Field Manipulation Cookie Values Form Data Query Strings HTTP Header Tampering Finding This Vulnerability Fixing This Vulnerability Summary Sheet-Parameter Tampering, Cookie Poisoning, and Hidden Field Manipulation References 21 SQL Injection Vulnerabilities Exploiting Sites Through SQL Injection Finding This Vulnerability Fixing This Vulnerability Summary Sheet-SQL Injection 22 Additional Browser Security Issues The Domain Security Model Unsafe ActiveX Controls Spoofing of URLs in the Browser MIME Type Spoofing Uncommon URL Schemes Browser Helper Objects Summary Sheet-Additional Browser Security Issues Learning from Vulnerabilities Where to Go Next References Appendix A: About the CD-ROM Appendix B: Open Source Software Licenses