Request: The Art of Soft. Sec. Assessment: Ident. and Prev. Soft. Vulnerabilities

Started by 4l3j0, January 27, 2016, 12:38:18 PM

Greetings.

I'd like to know if anyone knows of a security book like this one:

The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities.

But one that is more up to date, meaning from 2010 onward, because the one I mention is from 2006 and, as we know, 10 years in computing is quite a lot.

*I'm leaving a copy of the table of contents so you get an idea of what I'm looking for; it doesn't matter whether it's a PDF or a paid edition. Thanks.

Quote:

1. The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities ... 6
2. Table of Contents ... 8
3. Copyright ... 12
4. About the Authors ... 14
4.1 Preface ... 14
5. Acknowledgments ... 18
6. Part I: Introduction to Software Security Assessment ... 18
6.1 Chapter 1. Software Vulnerability Fundamentals ... 18
6.1.1 Introduction ... 18
6.1.2 Vulnerabilities ... 19
6.1.3 The Necessity of Auditing ... 24
6.1.4 Classifying Vulnerabilities ... 29
6.1.5 Common Threads ... 32
6.1.6 Summary ... 37
6.2 Chapter 2. Design Review ... 38
6.2.1 Introduction ... 38
6.2.2 Software Design Fundamentals ... 38
6.2.3 Enforcing Security Policy ... 49
6.2.4 Threat Modeling ... 62
6.2.5 Summary ... 79
6.3 Chapter 3. Operational Review ... 79
6.3.1 Introduction ... 79
6.3.2 Exposure ... 80
6.3.3 Web-Specific Considerations ... 85
6.3.4 Protective Measures ... 88
6.3.5 Summary ... 101
6.4 Chapter 4. Application Review Process ... 101
6.4.1 Introduction ... 102
6.4.2 Overview of the Application Review Process ... 102
6.4.3 Preassessment ... 104
6.4.4 Application Review ... 107
6.4.5 Documentation and Analysis ... 116
6.4.6 Reporting and Remediation Support ... 119
6.4.7 Code Navigation ... 119
6.4.8 Code-Auditing Strategies ... 122
6.4.9 Code-Auditing Tactics ... 147
6.4.10 Code Auditor's Toolbox ... 161
6.4.11 Case Study: OpenSSH ... 173
6.4.12 Summary ... 178
7. Part II: Software Vulnerabilities ... 179
7.1 Chapter 5. Memory Corruption ... 179
7.1.1 Introduction ... 179
7.1.2 Buffer Overflows ... 180
7.1.3 Shellcode ... 199
7.1.4 Protection Mechanisms ... 202
7.1.5 Assessing Memory Corruption Impact ... 209
7.1.6 Summary ... 215
7.2 Chapter 6. C Language Issues ... 215
7.2.1 Introduction ... 215
7.2.2 C Language Background ... 216
7.2.3 Data Storage Overview ... 217
7.2.4 Arithmetic Boundary Conditions ... 224
7.2.5 Type Conversions ... 236
7.2.6 Type Conversion Vulnerabilities ... 262
7.2.7 Operators ... 287
7.2.8 Pointer Arithmetic ... 294
7.2.9 Other C Nuances ... 299
7.2.10 Summary ... 314
7.3 Chapter 7. Program Building Blocks ... 314
7.3.1 Introduction ... 314
7.3.2 Auditing Variable Use ... 315
7.3.3 Auditing Control Flow ... 343
7.3.4 Auditing Functions ... 356
7.3.5 Auditing Memory Management ... 379
7.3.6 Summary ... 403
7.4 Chapter 8. Strings and Metacharacters ... 403
7.4.1 Introduction ... 403
7.4.2 C String Handling ... 404
7.4.3 Metacharacters ... 423
7.4.4 Common Metacharacter Formats ... 434
7.4.5 Metacharacter Filtering ... 452
7.4.6 Character Sets and Unicode ... 464
7.4.7 Summary ... 476
7.5 Chapter 9. UNIX I: Privileges and Files ... 476
7.5.1 Introduction ... 477
7.5.2 UNIX 101 ... 477
7.5.3 Privilege Model ... 482
7.5.4 Privilege Vulnerabilities ... 496
7.5.5 File Security ... 512
7.5.6 File Internals ... 530
7.5.7 Links ... 534
7.5.8 Race Conditions ... 544
7.5.9 Temporary Files ... 557
7.5.10 The Stdio File Interface ... 566
7.5.11 Summary ... 576
7.6 Chapter 10. UNIX II: Processes ... 576
7.6.1 Introduction ... 576
7.6.2 Processes ... 577
7.6.3 Program Invocation ... 582
7.6.4 Process Attributes ... 590
7.6.5 Interprocess Communication ... 626
7.6.6 Remote Procedure Calls ... 633
7.6.7 Summary ... 639
7.7 Chapter 11. Windows I: Objects and the File System ... 639
7.7.1 Introduction ... 639
7.7.2 Background ... 640
7.7.3 Objects ... 642
7.7.4 Sessions ... 650
7.7.5 Security Descriptors ... 662
7.7.6 Processes and Threads ... 669
7.7.7 File Access ... 675
7.7.8 The Registry ... 696
7.7.9 Summary ... 700
7.8 Chapter 12. Windows II: Interprocess Communication ... 700
7.8.1 Introduction ... 700
7.8.2 Windows IPC Security ... 701
7.8.3 Window Messaging ... 705
7.8.4 Pipes ... 713
7.8.5 Mailslots ... 720
7.8.6 Remote Procedure Calls ... 721
7.8.7 COM ... 740
7.8.8 Summary ... 770
7.9 Chapter 13. Synchronization and State ... 770
7.9.1 Introduction ... 770
7.9.2 Synchronization Problems ... 770
7.9.3 Process Synchronization ... 776
7.9.4 Signals ... 797
7.9.5 Threads ... 822
7.9.6 Summary ... 837
8. Part III: Software Vulnerabilities in Practice ... 838
8.1 Chapter 14. Network Protocols ... 838
8.1.1 Introduction ... 838
8.1.2 Internet Protocol ... 840
8.1.3 User Datagram Protocol ... 871
8.1.4 Transmission Control Protocol ... 873
8.1.5 Summary ... 900
8.2 Chapter 15. Firewalls ... 900
8.2.1 Introduction ... 900
8.2.2 Overview of Firewalls ... 901
8.2.3 Stateless Firewalls ... 906
8.2.4 Simple Stateful Firewalls ... 915
8.2.5 Stateful Inspection Firewalls ... 919
8.2.6 Spoofing Attacks ... 924
8.2.7 Summary ... 931
8.3 Chapter 16. Network Application Protocols ... 931
8.3.1 Introduction ... 931
8.3.2 Auditing Application Protocols ... 932
8.3.3 Hypertext Transfer Protocol ... 946
8.3.4 Internet Security Association and Key Management Protocol ... 957
8.3.5 Abstract Syntax Notation (ASN.1) ... 980
8.3.6 Domain Name System ... 992
8.3.7 Summary ... 1013
8.4 Chapter 17. Web Applications ... 1013
8.4.1 Introduction ... 1013
8.4.2 Web Technology Overview ... 1014
8.4.3 HTTP ... 1020
8.4.4 State and HTTP Authentication ... 1034
8.4.5 Architecture ... 1047
8.4.6 Problem Areas ... 1053
8.4.7 Common Vulnerabilities ... 1067
8.4.8 Harsh Realities of the Web ... 1083
8.4.9 Auditing Strategy ... 1086
8.4.10 Summary ... 1089
8.5 Chapter 18. Web Technologies ... 1089
8.5.1 Introduction ... 1089
8.5.2 Web Services and Service-Oriented Architecture ... 1090
8.5.3 Web Application Platforms ... 1092
8.5.4 CGI ... 1092
8.5.5 Perl ... 1100
8.5.6 PHP ... 1103
8.5.7 Java ... 1112
8.5.8 ASP ... 1119
8.5.9 [section title lost to the forum's link filter] ... 1124
8.5.10 Summary ... 1129
9. Bibliography ... 1130

Maybe this will be useful to you:

[links removed by the forum; register or log in to view them]

Regards