The Art of Software Security Assessment. Addison-Wesley

Identifying and Preventing Software Vulnerabilities

By Mark Dowd, John McDonald, Justin Schuh

Publisher: Addison Wesley Professional
Pub Date: November 10, 2006
Print ISBN-10: 0-321-44442-6
Print ISBN-13: 978-0-321-44442-4
Pages: 1200


About the Authors
Mark Dowd is a principal security architect at McAfee, Inc. and an established expert
in the field of application security. His professional experience includes several years
as a senior researcher at Internet Security Systems (ISS) X-Force, and the discovery
of a number of high-profile vulnerabilities in ubiquitous Internet software. He is
responsible for identifying and helping to address critical flaws in Sendmail, Microsoft
Exchange Server, OpenSSH, Internet Explorer, Mozilla (Firefox), Checkpoint VPN,
and Microsoft's SSL implementation. In addition to his research work, Mark presents
at industry conferences, including Black Hat and RUXCON.

John McDonald is a senior consultant with Neohapsis, where he specializes in
advanced application security assessment across a broad range of technologies and
platforms. He has an established reputation in software security, including work in
security architecture and vulnerability research for NAI (now McAfee), Data Protect
GmbH, and Citibank. As a vulnerability researcher, John has identified and helped
resolve numerous critical vulnerabilities, including issues in Solaris, BSD, Checkpoint
FireWall-1, OpenSSL, and BIND.

Justin Schuh is a senior consultant with Neohapsis, where he leads the Application
Security Practice. As a senior consultant and practice lead, he performs software
security assessments across a range of systems, from embedded device firmware to
distributed enterprise web applications. Prior to his employment with Neohapsis,
Justin spent nearly a decade in computer security activities at the Department of
Defense (DoD) and related agencies. His government service includes a role as a lead
researcher with the National Security Agency (NSA) penetration testing team, the Red Team.

Acknowledgments
Mark: To my family, friends, and colleagues, for supporting me and providing
encouragement throughout this endeavor.

John: To my girlfriend Jess, my family and friends, Neohapsis, Vincent Howard, Dave
Aitel, David Leblanc, Thomas Lopatic, and Howard Kirk.

Justin: To my wife Cat, my coworkers at Neohapsis, my family and friends, and
everyone at a three-letter agency who kept me out of trouble.

We would collectively like to thank reviewers, friends, and colleagues who have given
invaluable feedback, suggestions, and comments that helped shape this book into the
finished product you see today. In particular, we would like to acknowledge Neel
Mehta, Halvar Flake, John Viega, and Nishad Herath for their tireless efforts in
reviewing and helping to give us technical and organizational direction. We'd also like
to thank the entire publishing team at Addison-Wesley for working with us to ensure
the highest-quality finished product possible.


Introduction

The Definitive Insider's Guide to Auditing Software Security
This is one of the most detailed, sophisticated, and useful guides to software security
auditing ever written. The authors are leading security consultants and researchers
who have personally uncovered vulnerabilities in applications ranging from sendmail
to Microsoft Exchange, Check Point VPN to Internet Explorer. Drawing on their
extraordinary experience, they introduce a start-to-finish methodology for "ripping
apart" applications to reveal even the most subtle and well-hidden security flaws.
The Art of Software Security Assessment covers the full spectrum of software
vulnerabilities in both UNIX/Linux and Windows environments. It demonstrates how
to audit security in applications of all sizes and functions, including network and Web
software. Moreover, it teaches using extensive examples of real code drawn from past
flaws in many of the industry's highest-profile applications.
Coverage includes:
• Code auditing: theory, practice, proven methodologies, and secrets of the trade
• Bridging the gap between secure software design and post-implementation review
• Performing architectural assessment: design review, threat modeling, and operational review
• Identifying vulnerabilities related to memory management, data types, and malformed data
• UNIX/Linux assessment: privileges, files, and processes
• Windows-specific issues, including objects and the filesystem
• Auditing interprocess communication, synchronization, and state
• Evaluating network software: IP stacks, firewalls, and common application protocols
• Auditing Web applications and technologies

This book is an unprecedented resource for everyone who must deliver secure
software or assure the safety of existing software: consultants, security specialists,
developers, QA staff, testers, and administrators alike.

Contents at a Glance
ABOUT THE AUTHORS xv
PREFACE xvii
ACKNOWLEDGMENTS xxi
I Introduction to Software Security Assessment
1 SOFTWARE VULNERABILITY FUNDAMENTALS 3
2 DESIGN REVIEW 25
3 OPERATIONAL REVIEW 67
4 APPLICATION REVIEW PROCESS 91
5 MEMORY CORRUPTION 167
6 C LANGUAGE ISSUES 203
7 PROGRAM BUILDING BLOCKS 297
8 STRINGS AND METACHARACTERS 387
9 UNIX I: PRIVILEGES AND FILES 459
10 UNIX II: PROCESSES 559
11 WINDOWS I: OBJECTS AND THE FILE SYSTEM 625
12 WINDOWS II: INTERPROCESS COMMUNICATION 685
13 SYNCHRONIZATION AND STATE 755
14 NETWORK PROTOCOLS 829
15 FIREWALLS 891
16 NETWORK APPLICATION PROTOCOLS 921
17 WEB APPLICATIONS 1007
18 WEB TECHNOLOGIES 1083
BIBLIOGRAPHY 1125
INDEX 1129




Product details
Price:
File Size: 12,917 KB
Pages: 1245 p
File Type: PDF format
ISBN: 0-321-44442-6 (pbk. : alk. paper)
Copyright: 2007 Pearson Education, Inc


Table of Contents

1. The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities
2. Table of Contents ................................... 8
3. Copyright .......................................................... 12
4. About the Authors .................................... 14
4.1 Preface .......................................... 14
5. Acknowledgments ............................................... 18
6. Part I: Introduction to Software Security Assessment
6.1 Chapter 1. Software Vulnerability Fundamentals
6.1.1 Introduction .............................................................................................................. 18
6.1.2 Vulnerabilities ........................................................................................................... 19
6.1.3 The Necessity of Auditing ......................................................................................... 24
6.1.4 Classifying Vulnerabilities ......................................................................................... 29
6.1.5 Common Threads ...................................................................................................... 32
6.1.6 Summary ................................................................................................................... 37
6.2 Chapter 2. Design Review
6.2.1 Introduction .............................................................................................................. 38
6.2.2 Software Design Fundamentals ................................................................................ 38
6.2.3 Enforcing Security Policy ........................................................................................... 49
6.2.4 Threat Modeling ....................................................................................................... 62
6.2.5 Summary ................................................................................................................... 79
6.3 Chapter 3. Operational Review
6.3.1 Introduction .............................................................................................................. 79
6.3.2 Exposure ................................................................................................................... 80
6.3.3 Web-Specific Considerations .................................................................................... 85
6.3.4 Protective Measures ................................................................................................. 88
6.3.5 Summary ................................................................................................................. 101
6.4 Chapter 4. Application Review Process
6.4.1 Introduction ............................................................................................................ 102
6.4.2 Overview of the Application Review Process.......................................................... 102
6.4.3 Preassessment ........................................................................................................ 104
6.4.4 Application Review ................................................................................................. 107
6.4.5 Documentation and Analysis .................................................................................. 116
6.4.6 Reporting and Remediation Support ...................................................................... 119
6.4.7 Code Navigation ...................................................................................................... 119
6.4.8 Code-Auditing Strategies ........................................................................................ 122
6.4.9 Code-Auditing Tactics ............................................................................................. 147
6.4.10 Code Auditor's Toolbox ......................................................................................... 161
6.4.11 Case Study: OpenSSH ............................................................................................ 173
6.4.12 Summary ............................................................................................................... 178
7. Part II: Software Vulnerabilities
7.1 Chapter 5. Memory Corruption
7.1.1 Introduction ............................................................................................................ 179
7.1.2 Buffer Overflows ..................................................................................................... 180
7.1.3 Shellcode ................................................................................................................. 199
7.1.4 Protection Mechanisms .......................................................................................... 202
7.1.5 Assessing Memory Corruption Impact ................................................................... 209
7.1.6 Summary ................................................................................................................. 215
7.2 Chapter 6. C Language Issues
7.2.1 Introduction ............................................................................................................ 215
7.2.2 C Language Background .......................................................................................... 216
7.2.3 Data Storage Overview ........................................................................................... 217
7.2.4 Arithmetic Boundary Conditions ............................................................................ 224
7.2.5 Type Conversions .................................................................................................... 236
7.2.6 Type Conversion Vulnerabilities .............................................................................. 262
7.2.7 Operators ................................................................................................................ 287
7.2.8 Pointer Arithmetic .................................................................................................. 294
7.2.9 Other C Nuances ..................................................................................................... 299
7.2.10 Summary ............................................................................................................... 314
7.3 Chapter 7. Program Building Blocks
7.3.1 Introduction ............................................................................................................ 314
7.3.2 Auditing Variable Use.............................................................................................. 315
7.3.3 Auditing Control Flow ............................................................................................. 343
7.3.4 Auditing Functions .................................................................................................. 356
7.3.5 Auditing Memory Management ............................................................................. 379
7.3.6 Summary ................................................................................................................. 403
7.4 Chapter 8. Strings and Metacharacters
7.4.1 Introduction ............................................................................................................ 403
7.4.2 C String Handling .................................................................................................... 404
7.4.3 Metacharacters ....................................................................................................... 423
7.4.4 Common Metacharacter Formats ........................................................................... 434
7.4.5 Metacharacter Filtering .......................................................................................... 452
7.4.6 Character Sets and Unicode .................................................................................... 464
7.4.7 Summary ................................................................................................................. 476
7.5 Chapter 9. UNIX I: Privileges and Files
7.5.1 Introduction ............................................................................................................ 477
7.5.2 UNIX 101 ................................................................................................................. 477
7.5.3 Privilege Model ....................................................................................................... 482
7.5.4 Privilege Vulnerabilities .......................................................................................... 496
7.5.5 File Security ............................................................................................................. 512
7.5.6 File Internals ........................................................................................................... 530
7.5.7 Links ........................................................................................................................ 534
7.5.8 Race Conditions ...................................................................................................... 544
7.5.9 Temporary Files ....................................................................................................... 557
7.5.10 The Stdio File Interface ......................................................................................... 566
7.5.11 Summary ............................................................................................................... 576
7.6 Chapter 10. UNIX II: Processes
7.6.1 Introduction ............................................................................................................ 576
7.6.2 Processes ................................................................................................................ 577
7.6.3 Program Invocation ................................................................................................. 582
7.6.4 Process Attributes ................................................................................................... 590
7.6.5 Interprocess Communication .................................................................................. 626
7.6.6 Remote Procedure Calls .......................................................................................... 633
7.6.7 Summary ................................................................................................................. 639
7.7 Chapter 11. Windows I: Objects and the File System
7.7.1 Introduction ............................................................................................................ 639
7.7.2 Background ............................................................................................................. 640
7.7.3 Objects .................................................................................................................... 642
7.7.4 Sessions................................................................................................................... 650
7.7.5 Security Descriptors ................................................................................................ 662
7.7.6 Processes and Threads............................................................................................ 669
7.7.7 File Access ............................................................................................................... 675
7.7.8 The Registry ............................................................................................................ 696
7.7.9 Summary ................................................................................................................. 700
7.8 Chapter 12. Windows II: Interprocess Communication
7.8.1 Introduction ............................................................................................................ 700
7.8.2 Windows IPC Security ............................................................................................. 701
7.8.3 Window Messaging................................................................................................. 705
7.8.4 Pipes........................................................................................................................ 713
7.8.5 Mailslots.................................................................................................................. 720
7.8.6 Remote Procedure Calls .......................................................................................... 721
7.8.7 COM ........................................................................................................................ 740
7.8.8 Summary ................................................................................................................. 770
7.9 Chapter 13. Synchronization and State
7.9.1 Introduction ............................................................................................................ 770
7.9.2 Synchronization Problems ...................................................................................... 770
7.9.3 Process Synchronization ......................................................................................... 776
7.9.4 Signals ..................................................................................................................... 797
7.9.5 Threads ................................................................................................................... 822
7.9.6 Summary ................................................................................................................. 837
8. Part III: Software Vulnerabilities in Practice
8.1 Chapter 14. Network Protocols
8.1.1 Introduction ............................................................................................................ 838
8.1.2 Internet Protocol ..................................................................................................... 840
8.1.3 User Datagram Protocol.......................................................................................... 871
8.1.4 Transmission Control Protocol ................................................................................ 873
8.1.5 Summary ................................................................................................................. 900
8.2 Chapter 15. Firewalls
8.2.1 Introduction ............................................................................................................ 900
8.2.2 Overview of Firewalls .............................................................................................. 901
8.2.3 Stateless Firewalls ................................................................................................... 906
8.2.4 Simple Stateful Firewalls ......................................................................................... 915
8.2.5 Stateful Inspection Firewalls ................................................................................... 919
8.2.6 Spoofing Attacks ..................................................................................................... 924
8.2.7 Summary ................................................................................................................. 931
8.3 Chapter 16. Network Application Protocols
8.3.1 Introduction ............................................................................................................ 931
8.3.2 Auditing Application Protocols ............................................................................... 932
8.3.3 Hypertext Transfer Protocol .................................................................................... 946
8.3.4 Internet Security Association and Key Management Protocol ............................... 957
8.3.5 Abstract Syntax Notation (ASN.1) ........................................................................... 980
8.3.6 Domain Name System............................................................................................. 992
8.3.7 Summary ............................................................................................................... 1013
8.4 Chapter 17. Web Applications
8.4.1 Introduction .......................................................................................................... 1013
8.4.2 Web Technology Overview ................................................................................... 1014
8.4.3 HTTP ...................................................................................................................... 1020
8.4.4 State and HTTP Authentication ............................................................................. 1034
8.4.5 Architecture .......................................................................................................... 1047
8.4.6 Problem Areas....................................................................................................... 1053
8.4.7 Common Vulnerabilities ....................................................................................... 1067
8.4.8 Harsh Realities of the Web ................................................................................... 1083
8.4.9 Auditing Strategy .................................................................................................. 1086
8.4.10 Summary ............................................................................................................. 1089
8.5 Chapter 18. Web Technologies
8.5.1 Introduction .......................................................................................................... 1089
8.5.2 Web Services and Service-Oriented Architecture ................................................. 1090
8.5.3 Web Application Platforms ................................................................................... 1092
8.5.4 CGI......................................................................................................................... 1092
8.5.5 Perl ........................................................................................................................ 1100
8.5.6 PHP........................................................................................................................ 1103
8.5.7 Java ....................................................................................................................... 1112
8.5.8 ASP ........................................................................................................................ 1119
8.5.9 ASP.NET ................................................................................................................. 1124
8.5.10 Summary ............................................................................................................. 1129
9. Bibliography ............................................................................................ 1130
10. Index ........................................................................................................ 1133
10.1 SYMBOL
10.2 A ..................................................................................................................................... 1133
10.3 B ..................................................................................................................................... 1142
10.4 C ..................................................................................................................................... 1144
10.5 D ..................................................................................................................................... 1154
10.6 E ..................................................................................................................................... 1158
10.7 F ..................................................................................................................................... 1161
10.8 G..................................................................................................................................... 1170
10.9 H..................................................................................................................................... 1171
10.10 I .................................................................................................................................... 1174
10.11 J .................................................................................................................................... 1179
10.12 K ................................................................................................................................... 1180
10.13 L ................................................................................................................................... 1180
10.14 M .................................................................................................................................. 1187
10.15 N .................................................................................................................................. 1190
10.16 O .................................................................................................................................. 1194
10.17 P ................................................................................................................................... 1198
10.18 Q .................................................................................................................................. 1206
10.19 R ................................................................................................................................... 1207
10.20 S ................................................................................................................................... 1211
10.21 T ................................................................................................................................... 1223
10.22 U .................................................................................................................................. 1228
10.23 V ................................................................................................................................... 1233
10.24 W ................................................................................................................................. 1236
10.25 X ................................................................................................................................... 1243
10.26 Y ................................................................................................................................... 1244
10.27 Z ................................................................................................................................... 1244
