Unsecure software is always poorly written/low quality software. This book will help you identify problems and provide the insight necessary to write higher quality code. Contents......Page 6 Acknowledgments......Page 14 Part I: Introduction......Page 16 1 A Call to Action......Page 18 Security as a Call to Action for Developers......Page 19 Why We Wrote This Book and Why You Should Read It......Page 25 How This Book Is Structured......Page 28 Who We Are......Page 32 References......Page 33 2 Security Background......Page 34 Hacker versus Cracker versus Attacker: The Language of Computer Security......Page 35 Legal and Ethical Issues Surrounding Computer Security......Page 38 Networking Basics......Page 41 Networking References......Page 50 References......Page 51 3 Some Useful Tools......Page 52 Security Scanners......Page 53 Hacking and Cracking Tools......Page 59 Reverse Engineering Tools......Page 62 Commercial Tools......Page 68 For More Information......Page 70 Part II: System-Level Attacks......Page 72 4 Problems with Permissions......Page 74 The Bell-Lapadula Model......Page 75 Description......Page 77 Fixing This Vulnerability......Page 84 Summary Sheet—Running with Elevated Privilege......Page 85 References......Page 86 5 Permitting Default or Weak Passwords......Page 88 Finding Default and Weak Passwords......Page 90 Fixing This Vulnerability......Page 98 Summary Sheet—Permitting Default of Weak Passwords......Page 100 References......Page 101 6 Shells, Scripts, and Macros......Page 102 Description......Page 103 Fixing This Problem......Page 107 Summary Sheet—Shells, Scripts, and Macros......Page 108 References......Page 109 7 Dynamic Linking and Loading......Page 110 Finding This Vulnerability......Page 115 Fixing This Vulnerability......Page 116 Summary Sheet—Dynamic Linking and Loading......Page 118 References......Page 119 Part III: Data Parsing......Page 120 8 Buffer Overflow Vulnerabilities......Page 122 Stack Overflows......Page 124 Exploiting Stack Overflows......Page 128 Heap Overflows......Page 131 Exploiting Buffer Overflows: Beyond the Stack......Page 137 Finding This Vulnerability......Page 142 Fixing This Vulnerability......Page 145 Summary Sheet—Buffer Overflows......Page 146 References......Page 147 9 Proprietary Formats and Protocols......Page 148 Description......Page 149 Using “Fuzzing” to Find Vulnerabilities in File Formats and Protocols......Page 153 Preventing Problems with Proprietary Formats and Protocols......Page 162 Summary Sheet—Proprietary Formats and Protocols......Page 163 10 Format String Vulnerabilities......Page 166 The Format Family......Page 171 Exploiting Format String Vulnerabilities......Page 173 Finding This Vulnerability......Page 183 Summary Sheet—Format String Vulnerabilities......Page 185 References......Page 186 11 Integer Overflow Vulnerabilities......Page 188 Finding This Vulnerability......Page 194 Fixing This Vulnerability......Page 196 Summary Sheet—Integer Overflows......Page 197 References......Page 198 Part IV: Information Disclosure......Page 200 12 Storing Passwords in Plain Text......Page 202 Finding This Vulnerability......Page 203 Fixing This Vulnerability......Page 211 Summary Sheet—Storing Passwords in Plain Text......Page 213 References......Page 215 13 Creating Temporary Files......Page 216 Finding This Vulnerability......Page 221 Summary Sheet—Creating Temporary Files......Page 222 References......Page 224 14 Leaving Things in Memory......Page 226 Description......Page 227 Summary Sheet—Leaving Things in Memory......Page 236 References......Page 237 15 The Swap File and Incomplete Deletes......Page 238 Using a Disk Editor to Find Confidential Data Fragments......Page 241 Fixing This Problem......Page 245 Summary Sheet—The Swap File and Incomplete Deletes......Page 247 Part V: On the Wire......Page 250 16 Spoofing and Man-in-the-Middle Attacks......Page 252 Finding Spoofing and Man-in-the-Middle Attacks......Page 253 Summary Sheet—Spoofing and Man-in-the-Middle Attacks......Page 267 References......Page 269 17 Volunteering Too Much Information......Page 270 Finding This Vulnerability......Page 275 Fixing This Vulnerability......Page 276 Summary Sheet—Revealing Too Much Information......Page 278 Part VI: Web Sites......Page 280 18 Cross-Site Scripting......Page 282 Finding Cross-Site Scripting Vulnerabilities......Page 286 Fixing This Vulnerability......Page 289 Summary Sheet—Cross-Site Scripting......Page 291 19 Forceful Browsing......Page 292 Description......Page 293 Finding Forceful Browsing Vulnerabilities......Page 296 Summary Sheet—Forceful Browsing......Page 310 20 Parameter Tampering, Cookie Poisoning, and Hidden Field Manipulation......Page 312 Cookie Values......Page 316 Form Data......Page 317 HTTP Header Tampering......Page 321 Finding This Vulnerability......Page 322 Fixing This Vulnerability......Page 323 Summary Sheet—Parameter Tampering, Cookie Poisoning, and Hidden Field Manipulation......Page 324 References......Page 325 21 SQL Injection Vulnerabilities......Page 326 Exploiting Sites Through SQL Injection......Page 331 Finding This Vulnerability......Page 334 Fixing This Vulnerability......Page 337 Summary Sheet—SQL Injection......Page 338 References......Page 339 22 Additional Browser Security Issues......Page 340 The Domain Security Model......Page 341 Unsafe ActiveX Controls......Page 343 Spoofing of URLs in the Browser......Page 344 Uncommon URL Schemes......Page 345 Summary Sheet—Additional Browser Security Issues......Page 346 Part VII: Conclusion......Page 348 23 Conclusion......Page 350 Where to Go Next......Page 353 References......Page 354 Appendix A: About the CD-ROM......Page 356 Appendix B: Open Source Software Licenses......Page 358 C......Page 364 F......Page 365 M......Page 366 R......Page 367 T......Page 368 Z......Page 369 Annotation In today's market, secure software is a must for consumers. Many developers, however, are not familiar with the techniques needed to produce secure code or detect existing vulnerabilities. The Software Vulnerability Guide helps developers and testers better understand the underlying security flaws in software and provides an easy-to-use reference for security bugs. Most of these bugs (and the viruses, worms, and exploits that derive from them) start out as programmer mistakes. With this guide, professional programmers and testers will learn how to find, fix, and prevent these vulnerabilities before their software reaches the market. Detailed explanations and examples are provided for each of the vulnerabilities, as well as a summary sheet that can be referenced quickly. Tools that make it easier to recognize and prevent vulnerabilities are also explored, and source code snippets, commentary, and techniques are provided in easy-to-read sidebars. This guide is a must have for today's software developers Herbert H. Thompson, Scott G. Chase. Includes Bibliographical References And Index. System Requirements For Accompanying Cd-rom: Windows 2000 Or Xp, Or Linux For X86-family Machines, Kernel Version 2.2 Or Higher; Pentium Ii Or Greater; Cd-rom Drive; Hard Drive; 128 Mbs Of Ram (mimimum 256 Recommended For Windows); Microsoft Visual Studio 6.0 Or Higher For Windows; Gnu Gcc 2.8 Or Higher For Linux; 50 Mbs Of Hard Drive Space For Code Examples And Tools. Annotation This easy-to-use guide focuses on the origin of most software vulnerabilities, including the bugs in the underlying software used to develop IT infrastructures and the Internet. For each of the 30 common software vulnerabilities featured, there is a summary, description of how the vulnerability occurs, and famous examples of how it has been used