Request: The Art of Soft. Sec. Assessment: Ident. and Prev. Soft. Vulnerabilities

Started by 4l3j0, January 27, 2016, 12:38:18 PM


Greetings.

I'd like to know if anyone knows of a security book like this one:

The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities.

But one that is more up to date, say from 2010 onward, because the one I mention is from 2006 and, as we know, 10 years in computing is quite a lot.

*I'm leaving a copy of the table of contents so you get an idea of what I'm looking for; it doesn't matter whether it's a PDF or a paid version. Thanks.

Quote:
1. The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities ... 6
2. Table of Contents ... 8
3. Copyright ... 12
4. About the Authors ... 14
4.1 Preface ... 14
5. Acknowledgments ... 18
6. Part I: Introduction to Software Security Assessment ... 18
6.1 Chapter 1. Software Vulnerability Fundamentals ... 18
6.1.1 Introduction ... 18
6.1.2 Vulnerabilities ... 19
6.1.3 The Necessity of Auditing ... 24
6.1.4 Classifying Vulnerabilities ... 29
6.1.5 Common Threads ... 32
6.1.6 Summary ... 37
6.2 Chapter 2. Design Review ... 38
6.2.1 Introduction ... 38
6.2.2 Software Design Fundamentals ... 38
6.2.3 Enforcing Security Policy ... 49
6.2.4 Threat Modeling ... 62
6.2.5 Summary ... 79
6.3 Chapter 3. Operational Review ... 79
6.3.1 Introduction ... 79
6.3.2 Exposure ... 80
6.3.3 Web-Specific Considerations ... 85
6.3.4 Protective Measures ... 88
6.3.5 Summary ... 101
6.4 Chapter 4. Application Review Process ... 101
6.4.1 Introduction ... 102
6.4.2 Overview of the Application Review Process ... 102
6.4.3 Preassessment ... 104
6.4.4 Application Review ... 107
6.4.5 Documentation and Analysis ... 116
6.4.6 Reporting and Remediation Support ... 119
6.4.7 Code Navigation ... 119
6.4.8 Code-Auditing Strategies ... 122
6.4.9 Code-Auditing Tactics ... 147
6.4.10 Code Auditor's Toolbox ... 161
6.4.11 Case Study: OpenSSH ... 173
6.4.12 Summary ... 178
7. Part II: Software Vulnerabilities ... 179
7.1 Chapter 5. Memory Corruption ... 179
7.1.1 Introduction ... 179
7.1.2 Buffer Overflows ... 180
7.1.3 Shellcode ... 199
7.1.4 Protection Mechanisms ... 202
7.1.5 Assessing Memory Corruption Impact ... 209
7.1.6 Summary ... 215
7.2 Chapter 6. C Language Issues ... 215
7.2.1 Introduction ... 215
7.2.2 C Language Background ... 216
7.2.3 Data Storage Overview ... 217
7.2.4 Arithmetic Boundary Conditions ... 224
7.2.5 Type Conversions ... 236
7.2.6 Type Conversion Vulnerabilities ... 262
7.2.7 Operators ... 287
7.2.8 Pointer Arithmetic ... 294
7.2.9 Other C Nuances ... 299
7.2.10 Summary ... 314
7.3 Chapter 7. Program Building Blocks ... 314
7.3.1 Introduction ... 314
7.3.2 Auditing Variable Use ... 315
7.3.3 Auditing Control Flow ... 343
7.3.4 Auditing Functions ... 356
7.3.5 Auditing Memory Management ... 379
7.3.6 Summary ... 403
7.4 Chapter 8. Strings and Metacharacters ... 403
7.4.1 Introduction ... 403
7.4.2 C String Handling ... 404
7.4.3 Metacharacters ... 423
7.4.4 Common Metacharacter Formats ... 434
7.4.5 Metacharacter Filtering ... 452
7.4.6 Character Sets and Unicode ... 464
7.4.7 Summary ... 476
7.5 Chapter 9. UNIX I: Privileges and Files ... 476
7.5.1 Introduction ... 477
7.5.2 UNIX 101 ... 477
7.5.3 Privilege Model ... 482
7.5.4 Privilege Vulnerabilities ... 496
7.5.5 File Security ... 512
7.5.6 File Internals ... 530
7.5.7 Links ... 534
7.5.8 Race Conditions ... 544
7.5.9 Temporary Files ... 557
7.5.10 The Stdio File Interface ... 566
7.5.11 Summary ... 576
7.6 Chapter 10. UNIX II: Processes ... 576
7.6.1 Introduction ... 576
7.6.2 Processes ... 577
7.6.3 Program Invocation ... 582
7.6.4 Process Attributes ... 590
7.6.5 Interprocess Communication ... 626
7.6.6 Remote Procedure Calls ... 633
7.6.7 Summary ... 639
7.7 Chapter 11. Windows I: Objects and the File System ... 639
7.7.1 Introduction ... 639
7.7.2 Background ... 640
7.7.3 Objects ... 642
7.7.4 Sessions ... 650
7.7.5 Security Descriptors ... 662
7.7.6 Processes and Threads ... 669
7.7.7 File Access ... 675
7.7.8 The Registry ... 696
7.7.9 Summary ... 700
7.8 Chapter 12. Windows II: Interprocess Communication ... 700
7.8.1 Introduction ... 700
7.8.2 Windows IPC Security ... 701
7.8.3 Window Messaging ... 705
7.8.4 Pipes ... 713
7.8.5 Mailslots ... 720
7.8.6 Remote Procedure Calls ... 721
7.8.7 COM ... 740
7.8.8 Summary ... 770
7.9 Chapter 13. Synchronization and State ... 770
7.9.1 Introduction ... 770
7.9.2 Synchronization Problems ... 770
7.9.3 Process Synchronization ... 776
7.9.4 Signals ... 797
7.9.5 Threads ... 822
7.9.6 Summary ... 837
8. Part III: Software Vulnerabilities in Practice ... 838
8.1 Chapter 14. Network Protocols ... 838
8.1.1 Introduction ... 838
8.1.2 Internet Protocol ... 840
8.1.3 User Datagram Protocol ... 871
8.1.4 Transmission Control Protocol ... 873
8.1.5 Summary ... 900
8.2 Chapter 15. Firewalls ... 900
8.2.1 Introduction ... 900
8.2.2 Overview of Firewalls ... 901
8.2.3 Stateless Firewalls ... 906
8.2.4 Simple Stateful Firewalls ... 915
8.2.5 Stateful Inspection Firewalls ... 919
8.2.6 Spoofing Attacks ... 924
8.2.7 Summary ... 931
8.3 Chapter 16. Network Application Protocols ... 931
8.3.1 Introduction ... 931
8.3.2 Auditing Application Protocols ... 932
8.3.3 Hypertext Transfer Protocol ... 946
8.3.4 Internet Security Association and Key Management Protocol ... 957
8.3.5 Abstract Syntax Notation (ASN.1) ... 980
8.3.6 Domain Name System ... 992
8.3.7 Summary ... 1013
8.4 Chapter 17. Web Applications ... 1013
8.4.1 Introduction ... 1013
8.4.2 Web Technology Overview ... 1014
8.4.3 HTTP ... 1020
8.4.4 State and HTTP Authentication ... 1034
8.4.5 Architecture ... 1047
8.4.6 Problem Areas ... 1053
8.4.7 Common Vulnerabilities ... 1067
8.4.8 Harsh Realities of the Web ... 1083
8.4.9 Auditing Strategy ... 1086
8.4.10 Summary ... 1089
8.5 Chapter 18. Web Technologies ... 1089
8.5.1 Introduction ... 1089
8.5.2 Web Services and Service-Oriented Architecture ... 1090
8.5.3 Web Application Platforms ... 1092
8.5.4 CGI ... 1092
8.5.5 Perl ... 1100
8.5.6 PHP ... 1103
8.5.7 Java ... 1112
8.5.8 ASP ... 1119
8.5.9 [section title hidden by the forum's link filter] ... 1124
8.5.10 Summary ... 1129
9. Bibliography ... 1130

Maybe this will be useful to you:

[two links hidden by the forum's login filter]

Regards