Home Page Icon
Home Page
Table of Contents for
I. Contemporary Security
Close
I. Contemporary Security
by Michael Howard and David LeBlanc
Writing Secure Code
Writing Secure Code
A Note Regarding Supplemental Files
Copyright
Dedication
Introduction
Who Should Read This Book
Organization of This Book
Installing and Using the Sample Files
System Requirements
Support Information
Acknowledgments
I. Contemporary Security
1. The Need for Secure Systems
Applications on the Wild Wild Web
The Need for Trustworthy Computing
Getting Everyone’s Head in the Game
Using Tact to Sell Security to the Organization
Secure Products Are Quality Products
The Media (and Your Competition) Leap on Security Issues
People Shy Away from Products That Don’t Work As Advertised
Don’t Be a Victim
Security Vulnerabilities Are Expensive to Fix
Using Subversion
Some Ideas for Instilling a Security Culture
Get the Boss to Send an E-Mail
Nominate a Security Evangelist
Stay Abreast of Security Issues
Interviewing Security People
Provide Ongoing Security Education
Provide Bug Triaging
The Attacker’s Advantage and the Defender’s Dilemma
Principle #1: The defender must defend all points; the attacker can choose the weakest point.
Principle #2: The defender can defend only against known attacks; the attacker can probe for unknown vulnerabilities.
Principle #3: The defender must be constantly vigilant; the attacker can strike at will.
Principle #4: The defender must play by the rules; the attacker can play dirty.
Summary
2. The Proactive Security Development Process
Process Improvements
The Role of Education
Resistance to Mandatory Training
Ongoing Training
Advancing the Science of Security
Education Proves the More Eyes Fallacy
Now the Evidence!
Design Phase
Security Questions During Interviews
Define the Product Security Goals
Security Is a Product Feature
Making Time for Security
Threat Modeling Leads to Secure Design
Build End-of-Life Plans for Insecure Features
Setting the Bug Bar
Security Team Review
Development Phase
Be Hardcore About Who Can Check In New Code (Check-Ins Checked)
Security Peer Review of New Code (Check-Ins Checked)
Define Secure Coding Guidelines
Review Old Defects
External Security Review
Security Push
Be Mindful of Your Bug Counts
Keep Track of Bug Metrics
No Surprises and No Easter Eggs!
Test Phase
Shipping and Maintenance Phases
How Do You Know When You’re Done?
Response Process
Accountability
Summary
3. Security Principles to Live By
SD3: Secure by Design, by Default, and in Deployment
Secure by Design
Secure by Default
Secure in Deployment
Security Principles
Learn from Mistakes
Minimize Your Attack Surface
Employ Secure Defaults
Use Defense in Depth
Use Least Privilege
Separation of Privilege
Backward Compatibility Will Always Give You Grief
Assume External Systems Are Insecure
Plan on Failure
Fail to a Secure Mode
Remember That Security Features != Secure Features
Never Depend on Security Through Obscurity Alone
Don’t Mix Code and Data
Fix Security Issues Correctly
Summary
4. Threat Modeling
Secure Design Through Threat Modeling
Assemble the Threat-Modeling Team
Decompose the Application
Formally Decomposing the Application
Determine the Threats to the System
Using STRIDE to Categorize Threats
Threat Trees
Small enhancements to make threat trees more readable
Items to Note While Threat Modeling
Rank the Threats by Decreasing Risk
Using DREAD to Calculate Risk
Bringing It All Together: Decomposition, Threat Trees, STRIDE, and DREAD
Bubbling Up the Overall Risk
Going Over the Threat-Modeling Process One More Time
Choose How to Respond to the Threats
Option One: Do Nothing
Option Two: Warn the User
Option Three: Remove the Problem
Option Four: Fix the Problem
Choose Techniques to Mitigate the Threats
Security Techniques
Authentication
Basic Authentication
Digest Authentication
Forms-Based Authentication
Microsoft Passport
Windows Authentication
NTLM authentication
Kerberos v5 authentication
X.509 Certificate Authentication
IPSec
RADIUS
Authorization
Access Control Lists
Privileges
IP Restrictions
Server-Specific Permissions
Tamper-Resistant and Privacy-Enhanced Technologies
SSL/TLS
IPSec
DCOM and RPCs
Encrypting File System
Protect Secrets, or Better Yet, Don’t Store Secrets
Encryption, Hashes, MACs, and Digital Signatures
Auditing
Filtering, Throttling, and Quality of Service
Least Privilege
Mitigating the Sample Payroll Application Threats
A Cornucopia of Threats and Solutions
Summary
II. Secure Coding Techniques
5. Public Enemy #1: The Buffer Overrun
Stack Overruns
Heap Overruns
Array Indexing Errors
Format String Bugs
Unicode and ANSI Buffer Size Mismatches
A Real Unicode Bug Example
Preventing Buffer Overruns
Safe String Handling
strcpy
strncpy
sprintf
_snprintf
Standard Template Library Strings
gets and fgets
Using Strsafe.h
A Word of Caution About String-Handling Functions
The Visual C++ .NET /GS Option
Summary
6. Determining Appropriate Access Control
Why ACLs Are Important
A Diversion: Fixing the Registry Code
What Makes Up an ACL?
A Method of Choosing Good ACLs
Effective Deny ACEs
Creating ACLs
Creating ACLs in Windows NT 4
Creating ACLs in Windows 2000
Creating ACLs with Active Template Library
Getting the ACE Order Right
Be Wary of the Terminal Server and Remote Desktop SIDs
NULL DACLs and Other Dangerous ACE Types
NULL DACLs and Auditing
Dangerous ACE Types
Everyone (WRITE_DAC)
Everyone (WRITE_OWNER)
Everyone (FILE_ADD_FILE)
Everyone (DELETE)
Everyone (FILE_DELETE_CHILD)
Everyone (GENERIC_ALL)
What If I Can’t Change the NULL DACL?
Other Access Control Mechanisms
.NET Framework Roles
COM+ Roles
IP Restrictions
SQL Server Triggers and Permissions
A Medical Example
An Important Note About Access Control Mechanisms
Summary
7. Running with Least Privilege
Least Privilege in the Real World
Viruses and Trojans
Back Orifice
SubSeven
FunLove Virus
ILoveYou Virus
Web Server Defacements
Brief Overview of Access Control
Brief Overview of Privileges
SeBackupPrivilege Issues
SeRestorePrivilege Issues
SeDebugPrivilege Issues
SeTcbPrivilege Issues
SeAssignPrimaryTokenPrivilege and SeIncreaseQuotaPrivilege Issues
SeLoadDriverPrivilege Issues
SeRemoteShutdownPrivilege Issues
SeTakeOwnershipPrivilege Issues
Brief Overview of Tokens
How Tokens, Privileges, SIDs, ACLs, and Processes Relate
SIDs and Access Checks, Privileges and Privilege Checks
Three Reasons Applications Require Elevated Privileges
ACL Issues
Opening Resources for GENERIC_ALL
Privilege Issue
Using LSA Secrets
Solving the Elevated Privileges Issue
Solving ACL Issues
Solving Privilege Issues
Solving LSA Issues
A Process for Determining Appropriate Privilege
Step 1: Find Resources Used by the Application
Step 2: Find Privileged APIs Used by the Application
Step 3: Which Account Is Required?
Step 4: Get the Token Contents
Step 5: Are All the SIDs and Privileges Required?
Step 6: Adjust the Token
Allow Less-Privileged Accounts to Run Your Application
Use Restricted Tokens
Removing privileges
Specifying restricting SIDs
Applying a deny-only attribute to SIDs
When to Use Restricted Tokens
Restricted Token Sample Code
Software Restriction Policies and Windows XP
Permanently Removing Unneeded Privileges
Low-Privilege Service Accounts in Windows XP and Windows .NET Server 2003
The Impersonate Privilege and Windows .NET Server 2003
Debugging Least-Privilege Issues
Why Applications Fail as a Normal User
How to Determine Why Applications Fail
The Windows Event Viewer
RegMon and FileMon
Summary
8. Cryptographic Foibles
Using Poor Random Numbers
The Problem: rand
Cryptographically Random Numbers in Win32
Cryptographically Random Numbers in Managed Code
Cryptographically Random Numbers in Web Pages
Using Passwords to Derive Cryptographic Keys
Measuring the Effective Bit Size of a Password
Key Management Issues
Long-Term and Short-Term Keys
Use Appropriate Key Lengths to Protect Data
Keep Keys Close to the Source
The CryptGenKey and CryptExportKey Functions
Key Exchange Issues
Creating Your Own Cryptographic Functions
Using the Same Stream-Cipher Encryption Key
Why People Use Stream Ciphers
The Pitfalls of Stream Ciphers
What If You Must Use the Same Key?
Bit-Flipping Attacks Against Stream Ciphers
Solving Bit-Flipping Attacks
When to Use a Hash, Keyed Hash, or Digital Signature
Creating a Keyed Hash
Forgetting to use a key
Using the same key to encrypt data and key-hash data
Basing K2 on K1
Creating a Keyed Hash
Creating a Digital Signature
Reusing a Buffer for Plaintext and Ciphertext
Using Crypto to Mitigate Threats
Document Your Use of Cryptography
Summary
9. Protecting Secret Data
Attacking Secret Data
Sometimes You Don’t Need to Store a Secret
Creating a Salted Hash
Using PKCS #5 to Make the Attacker’s Job Harder
Getting the Secret from the User
Protecting Secrets in Windows 2000 and Later
A Special Case: Client Credentials in Windows XP
Protecting Secrets in Windows NT 4
Protecting Secrets in Windows 95, Windows 98, Windows Me, and Windows CE
Getting Device Details Using PnP
Not Opting for a Least Common Denominator Solution
Managing Secrets in Memory
A Compiler Optimization Caveat
Encrypting Secret Data in Memory
Locking Memory to Prevent Paging Sensitive Data
Protecting Secret Data in Managed Code
Managing Secrets in Memory in Managed Code
Raising the Security Bar
Storing the Data in a File on a FAT File System
Using an Embedded Key and XOR to Encode the Data
Using an Embedded Key and 3DES to Encrypt the Data
Using 3DES to Encrypt the Data and Storing a Password in the Registry
Using 3DES to Encrypt the Data and Storing a Strong Key in the Registry
Using 3DES to Encrypt the Data, Storing a Strong Key in the Registry, and ACLing the File and the Registry Key
Using 3DES to Encrypt the Data, Storing a Strong Key in the Registry, Requiring the User to Enter a Password, and ACLing the File and the Registry Key
Trade-Offs When Protecting Secret Data
Summary
10. All Input Is Evil!
The Issue
Misplaced Trust
A Strategy for Defending Against Input Attacks
How to Check Validity
Tainted Variables in Perl
Using Regular Expressions for Checking Input
Be Careful of What You Find—Did You Mean to Validate?
Regular Expressions and Unicode
A Regular Expression Rosetta Stone
Regular Expressions in Perl
Regular Expressions in Managed Code
C# Example
Visual Basic .NET Example
Managed C++ Example
Regular Expressions in Script
Regular Expressions in C++
A Best Practice That Does Not Use Regular Expressions
Summary
11. Canonical Representation Issues
What Does Canonical Mean, and Why Is It a Problem?
Canonical Filename Issues
Bypassing Napster Name Filtering
Vulnerability in Apple Mac OS X and Apache
DOS Device Names Vulnerability
Sun Microsystems StarOffice /tmp Directory Symbolic-Link Vulnerability
Common Windows Canonical Filename Mistakes
8.3 Representation of Long Filenames
NTFS Alternate Data Streams
Trailing Characters
\? Format
Directory Traversal and Using Parent Paths (..)
Walking out of the current directory
Will the real filename please stand up?
Absolute vs. Relative Filenames
Case-Insensitive Filenames
UNC Shares
When Is a File Not a File? Mailslots and Named Pipes
When Is a File Not a File? Device Names and Reserved Names
Canonical Web-Based Issues
Bypassing AOL Parental Controls
Bypassing eEye’s Security Checks
Zones and the Internet Explorer 4 "Dotless-IP Address" Bug
Internet Information Server 4.0 ::$DATA Vulnerability
When is a Line Really Two Lines?
Yet Another Web Issue—Escaping
7-Bit and 8-Bit ASCII
Hexadecimal Escape Codes
UTF-8 Variable-Width Encoding
How UTF-8 Encodes Data
UCS-2 Unicode Encoding
Double Encoding
HTML Escape Codes
Visual Equivalence Attacks and the Homograph Attack
Preventing Canonicalization Mistakes
Don’t Make Decisions Based on Names
Use a Regular Expression to Restrict What’s Allowed in a Name
Stopping 8.3 Filename Generation
Don’t Trust the PATH—Use Full Path Names
Attempt to Canonicalize the Name
Calling CreateFile Safely
Web-Based Canonicalization Remedies
Restrict What Is Valid Input
Be Careful When Dealing with UTF-8
ISAPIs—Between a Rock and a Hard Place
A Final Thought: Non-File-Based Canonicalization Issues
Server Names
Usernames
Summary
12. Database Input Issues
The Issue
Pseudoremedy #1: Quoting the Input
Pseudoremedy #2: Use Stored Procedures
Remedy #1: Never Ever Connect as sysadmin
Remedy #2: Building SQL Statements Securely
Building SQL Stored Procedures Securely
An In-Depth Defense in Depth Example
Summary
13. Web-Specific Input Issues
Cross-Site Scripting: When Output Turns Bad
Sometimes the Attacker Doesn’t Need a <SCRIPT> Block
The Attacker Doesn’t Need the User to Click a Link!
Other XSS-Related Attacks
XSS Attacks Against Local Files
HTML Help Files
XSS Attacks Against HTML Resources
XSS Remedies
Encoding Output
Adding Double Quotes Around All Tag Properties
Inserting Data in the innerText Property
Forcing the Codepage
The Internet Explorer 6.0 SP1 HttpOnly Cookie Option
Internet Explorer "Mark of the Web"
Internet Explorer <FRAME SECURITY> Attribute
ASP.NET 1.1 ValidateRequest configuration option
Don’t Look for Insecure Constructs
But I Want Users to Post HTML to My Web Site!
How to Review Code for XSS Bugs
Other Web-Based Security Topics
eval() Can Be Bad
HTTP Trust Issues
REFERER Errors
ISAPI Applications and Filters
Sensitive Data in Cookies and Fields
Be Wary of "Predictable Cookies"
SSL/TLS Client Issues
Summary
14. Internationalization Issues
The Golden I18N Security Rules
Use Unicode in Your Application
Prevent I18N Buffer Overruns
Words and Bytes
Validate I18N
Visual Validation
Do Not Validate Strings with LCMapString
Use CreateFile to Validate Filenames
Character Set Conversion Issues
Use MultiByteToWideChar with MB_PRECOMPOSED and MB_ERR_INVALID_CHARS
Use WideCharToMultiByte with WC_NO_BEST_FIT_CHARS
Comparison and Sorting
Unicode Character Properties
Normalization
Summary
III. Even More Secure Coding Techniques
15. Socket Security
Avoiding Server Hijacking
TCP Window Attacks
Choosing Server Interfaces
Accepting Connections
Writing Firewall-Friendly Applications
Use One Connection to Do the Job
Don’t Require the Server to Connect Back to the Client
Use Connection-Based Protocols
Don’t Multiplex Your Application over Another Protocol
Don’t Embed Host IP Addresses in Application-Layer Data
Make Your Application Configurable
Spoofing and Host-Based and Port-Based Trust
IPv6 Is Coming!
Summary
16. Securing RPC, ActiveX Controls, and DCOM
An RPC Primer
What Is RPC?
Creating RPC Applications
Compiling the Code
How RPC Applications Communicate
Context Handles and State
Secure RPC Best Practices
Use the /robust MIDL Switch
Use the [range] Attribute
Require Authenticated Connections
Client-Side Settings
Server-Side Settings
A Note Regarding Kerberos Support
Performance of Different Security Settings
Use Packet Privacy and Integrity
Use Strict Context Handles
Don’t Rely on Context Handles for Access Checks
Be Wary of NULL Context Handles
Don’t Trust Your Peer
Use Security Callbacks
Implications of Multiple RPC Servers in a Single Process
Consider Adding an Annotation for Your Endpoint
Use Mainstream Protocols
Secure DCOM Best Practices
DCOM Basics
Application-Level Security
DCOM User Contexts
Run as the Launching User
Run as the Interactive User
Run as the Local System Account
Run as a Specific User
Programmatic Security
Sources and Sinks
An ActiveX Primer
Secure ActiveX Best Practices
What ActiveX Components Are Safe for Initialization and Safe for Scripting?
Best Practices for Safe for Initialization and Scripting
Is Your Control Safe?
Limit Domain Usage
Using SiteLock
Setting the Kill Bit
Summary
17. Protecting Against Denial of Service Attacks
Application Failure Attacks
CPU Starvation Attacks
Memory Starvation Attacks
Resource Starvation Attacks
Network Bandwidth Attacks
Summary
18. Writing Secure .NET Code
Code Access Security: In Pictures
FxCop: A "Must-Have" Tool
Assemblies Should Be Strong-Named
Strong-Named Assemblies and ASP.NET
Specify Assembly Permission Requirements
Request Minimal Permission Set
Refuse Unneeded Permissions
Request Optional Permissions
Overzealous Use of Assert
Further Information Regarding Demand and Assert
Keep the Assertion Window Small
Demands and Link Demands
An Example LinkDemand Security Bug
Use SuppressUnmanagedCodeSecurityAttribute with Caution
Remoting Demands
Limit Who Uses Your Code
No Sensitive Data in XML or Configuration Files
Review Assemblies That Allow Partial Trust
Check Managed Wrappers to Unmanaged Code for Correctness
Issues with Delegates
Issues with Serialization
The Role of Isolated Storage
Disable Tracing and Debugging Before Deploying ASP.NET Applications
Do Not Issue Verbose Error Information Remotely
Deserializing Data from Untrusted Sources
Don’t Tell the Attacker Too Much When You Fail
Summary
IV. Special Topics
19. Security Testing
The Role of the Security Tester
Security Testing Is Different
Building Security Test Plans from a Threat Model
Decompose the Application
Identify the Component Interfaces
Rank the Interfaces by Potential Vulnerability
Ascertain the Data Structures Used by Each Interface
Attacking Applications with STRIDE
Attacking with Data Mutation
The Data and the Container
Perturbing the container
Perturbing the data
Random data
Partially incorrect data
Taking it further—use different sizes
Special Characters
On-the-Wire Attacks
Before Testing
Building Tools to Find Flaws
Testing Sockets-Based Applications
Testing HTTP-Based Server Applications
Testing Named Pipes Applications
Testing COM, DCOM, ActiveX, and RPC Applications
Testing ActiveX Controls in <OBJECT> tags
Testing File-Based Applications
Testing Registry-Based Applications
Testing Command Line Arguments
Testing XML Payloads
Testing SOAP Services
Testing for Cross-Site Scripting and Script-Injection Bugs
Testing Clients with Rogue Servers
Should a User See or Modify That Data?
Testing with Security Templates
When You Find a Bug, You’re Not Done!
Test Code Should Be of Great Quality
Test the End-to-End Solution
Determining Attack Surface
Determine Root Attack Vectors
Determine Bias For Attack Vectors
Count the Biased Vectors in the Product
Summary
20. Performing a Security Code Review
Dealing with Large Applications
A Multiple-Pass Approach
Low-Hanging Fruit
Integer Overflows
A Related Issue: Integer Underflows
Checking Returns
Perform an Extra Review of Pointer Code
Never Trust the Data
Summary
21. Secure Software Installation
Principle of Least Privilege
Clean Up After Yourself!
Using the Security Configuration Editor
Low-Level Security APIs
Using the Windows Installer
Summary
22. Building Privacy into Your Application
Malicious vs. Annoying Invasions of Privacy
Major Privacy Legislation
Personally Identifiable Information
The EU Directives on Data Protection
Safe Harbor Principles
Notice
Choice
Onward Transfer
Access
Security
Data Integrity
Enforcement
Other Privacy Legislation
Privacy vs. Security
Building a Privacy Infrastructure
The Role of the Chief Privacy Officer
The Role of the Privacy Advocate
Designing Privacy-Aware Applications
Including Privacy in the Development Process
Privacy Specification Template
Privacy Review Template
Privacy Policy Statement
P3P Content
Exploring Privacy Features
Implementing P3P
Privacy for Client-Side Applications
Cover Your Tracks
Don’t Phone Home
Protecting the Application from the Application Users
Limiting access to your application
Leaving a paper trail
Privacy Through Obfuscation and Encryption
Protecting the Transfer of Data
Putting the Pieces Together
Summary
23. General Good Practices
Don’t Tell the Attacker Anything
Service Best Practices
Security, Services, and the Interactive Desktop
Service Account Guidelines
LocalSystem
Network Service
LocalService
Domain Accounts
Local Accounts
Don’t Leak Information in Banner Strings
Be Careful Changing Error Messages in Fixes
Double-Check Your Error Paths
Keep It Turned Off!
Kernel-Mode Mistakes
High-Level Security Issues
Handles
Symbolic Links
Quota
Serialization Primitives
Buffer-Handling Issues
IRP Cancellation
Add Security Comments to Code
Leverage the Operating System
Don’t Rely on Users Making Good Decisions
Calling CreateProcess Securely
Do Not Pass NULL for lpApplicationName
Use Quotes Around the Path to Executable in lpCommandLine
Don’t Create Shared/Writable Segments
In a .def File
In a .h* or .c* File
On the Linker Command Line
Using Impersonation Functions Correctly
Don’t Write User Files to Program Files
Don’t Write User Data to HKLM
Don’t Open Objects for FULL_CONTROL or ALL_ACCESS
Object Creation Mistakes
Care and Feeding of CreateFile
Creating Temporary Files Securely
Implications of Setup Programs and EFS
File System Reparse Point Issues
Client-Side Security Is an Oxymoron
Samples Are Templates
Dogfood Your Stuff!
You Owe It to Your Users If…
Determining Access Based on an Administrator SID
Allow Long Passwords
Be Careful with _alloca
ATL Conversion Macros
Don’t Embed Corporate Names
Move Strings to a Resource DLL
Application Logging
Migrate Dangerous C/C++ to Managed Code
24. Writing Security Documentation and Error Messages
Security Issues in Documentation
The Basics
Threat Mitigation Through Documentation
Documenting Security Best Practices
Threat #4: ISOAP_xxx Account Has Many Privileges
Threat #13: Client <-- --> Server Communication Is Insecure
Threat #14: By Default, SOAP-Server Is Accessible to Everyone
Threat #19: Most of Our Testing Is with Single-Purpose Servers
Security Issues in Error Messages
A Typical Security Message
Information Disclosure Issues
Informed Consent
Progressive Disclosure
Be Specific
Consider Not Asking the Question
Usability Test Your Security Messages
A Note When Reviewing Product Specifications
Security Usability
Summary
V. Appendixes
A. Dangerous APIs
APIs with Buffer Overrun Issues
strcpy, wcscpy, lstrcpy, _tcscpy, and _mbscpy
strcat, wcscat, lstrcat, _tcscat, and _mbscat
strncpy, wcsncpy, _tcsncpy, lstrcpyn, and _mbsnbcpy
strncat, wcsncat, _tcsncat, and _mbsnbcat
memcpy and CopyMemory
sprintf and swprintf
_snprintf and _snwprintf
printf family
strlen, _tcslen, _mbslen, and wcslen
gets
scanf("%s",…), _tscanf, and wscanf
Standard Template Library stream operator (>>)
MultiByteToWideChar
_mbsinc, _mbsdec, _mbsncat, _mbsncpy, _mbsnextc, _mbsnset, _mbsrev, _mbsset, _mbsstr, _mbstok, _mbccpy, and _mbslen
APIs with Name-Squatting Issues
CreateDirectory, CreateEvent, CreateFile, CreateFileMapping, CreateHardLink, CreateJobObject, CreateMailslot, CreateMutex, CreateNamedPipe, CreateSemaphore, CreateWaitableTimer, MoveFile, and classe
APIs with Trojaning Issues
CreateProcess(NULL,…), CreateProcessAsUser, and CreateProcessWithLogon
WinExec and ShellExecute
LoadLibrary, LoadLibraryEx, and SearchPath
Windows Styles and Control Types
TB_GETBUTTONTEXT, LVM_GETISEARCHSTRING, and TVM_GETISEARCHSTRING
TTM_GETTEXT
CB_GETLBTEXT, CB_GETLBTEXTLEN, SB_GETTEXT, SB_GETTEXTLENGTH, SB_GETTIPTEXT, LB_GETTEXT, and LB_GETTEXTLEN
ES_PASSWORD
Impersonation APIs
SetSecurityDescriptorDacl(…,…,NULL,…)
APIs with Denial of Service Issues
InitializeCriticalSection and EnterCriticalSection
_alloca and related functions and macros
TerminateThread and TerminateProcess
Networking API Issues
bind
recv
send
NetApi32 calls
Miscellaneous APIs
IsBadReadPtr, IsBadWritePtr, IsBadCodePtr, IsBadStringPtr, IsBadHugeReadPtr, and IsBadHugeWritePtr
CopyFile and MoveFile
B. Ridiculous Excuses We’ve Heard
No one will do that!
Why would anyone do that?
We’ve never been attacked.
We’re secure—we use cryptography.
We’re secure—we use ACLs.
We’re secure—we use a firewall.
We’ve reviewed the code, and there are no security bugs.
We know it’s the default, but the administrator can turn it off.
If we don’t run as administrator, stuff breaks.
But we’ll slip the schedule!
It’s not exploitable!
But that’s the way we’ve always done it.
If only we had better tools….
C. A Designer’s Security Checklist
D. A Developer’s Security Checklist
General
Web and Database-Specific
RPC
ActiveX, COM, and DCOM
Crypto and Secret Management
Managed Code
E. A Tester’s Security Checklist
A Final Thought
F. Annotated Bibliography
G. About the Author
About the Authors
Copyright
Search in book...
Toggle Font Controls
Playlists
Add To
Create new playlist
Name your new playlist
Playlist description (optional)
Cancel
Create playlist
Sign In
Email address
Password
Forgot Password?
Create account
Login
or
Continue with Facebook
Continue with Google
Sign Up
Full Name
Email address
Confirm Email Address
Password
Login
Create account
or
Continue with Facebook
Continue with Google
Prev
Previous Chapter
Introduction
Next
Next Chapter
1. The Need for Secure Systems
Part I. Contemporary Security
Add Highlight
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click
here
login for view all page.
Day Mode
Cloud Mode
Night Mode
Reset