E-book: Testing Code Security

  • Pages: 328
  • Published: 07-Jun-2007
  • Publisher: Auerbach
  • ISBN-13: 9781420013795
  • Format: PDF+DRM
  • Price: 84.23 €*
  • * the price is final, i.e. no further discounts apply
  • This e-book is intended for personal use only. E-books cannot be returned.

DRM restrictions

  • Copying (copy/paste): not permitted
  • Printing: not permitted
  • Use: Digital rights management (DRM)
    The publisher has issued this e-book in encrypted form, which means that to read it you must install special software and create an Adobe ID. The e-book can be read by 1 user and downloaded to up to 6 devices (all authorized with the same Adobe ID).

    Required software
    To read on a mobile device (phone or tablet) you must install this free app: PocketBook Reader (iOS / Android)

    To read on a PC or Mac you must install Adobe Digital Editions (a free application specifically for reading e-books; not to be confused with Adobe Reader, which is probably already installed on your computer).

    This e-book cannot be read on an Amazon Kindle.

The huge proliferation of security vulnerability exploits, worms, and viruses places an incredible drain on both cost and confidence for manufacturers and consumers. The release of trustworthy code requires a specific set of skills and techniques, but this information is often dispersed and decentralized, wrapped in its own jargon and terminology, and can take a colossal amount of time and data mining to find.

Written in simple, common terms, Testing Code Security is a consolidated resource designed to teach beginning and intermediate testers the software security concepts needed to conduct relevant and effective tests. Answering the questions pertinent to all testing procedures, the book considers the differences in process between security testing and functional testing, the creation of a security test plan, the benefits and pitfalls of threat modeling, and the identification of root vulnerability problems and how to test for them. The book begins with coverage of foundation concepts, the process of security test planning, and the test pass. Offering real-life examples, it presents various vulnerabilities and attacks and explains the testing techniques appropriate for each. It concludes with a collection of background overviews on related topics to fill common knowledge gaps. Filled with cases illustrating the most common classes of security vulnerabilities, the book is written for all testers working in any environment, and it gives extra insight into threats particular to Microsoft Windows® platforms.

Providing a practical guide to software security testing, Testing Code Security gives the reader the knowledge needed to begin testing software security on any project and to become an integral part of the drive to produce better software security and safety.
Table of Contents

Acknowledgements
About the Author

Introduction
  • Why Is This Book Being Written?
  • Why Am I Writing This Book
  • Goals of This Book
  • Intended Audience
  • How This Book Is Organized

Security Vocabulary
  • Virus or Attack Naming
  • Security Terminology

Software Testing and Changes in the Security Landscape
  • Software Testing as a Discipline
  • Security Has Become More of a Priority
    • The Number of Computers Has Increased
    • The Use of the Internet Has Increased
    • More Activities Are Performed Online
  • Security Efforts Have Become More Visible
    • Introduction of the Trustworthy Computing Security Development Lifecycle
    • The Enormous Costs of Security Exploits Recognized
  • In-House Software Is No Longer Immune
  • Perimeter Security Just Isn't Enough
  • Bibliography

All Trust Is Misplaced

Security Testing Considerations
  • Security Testing Versus Functional Testing
    • Change Your Focus
    • All Consumers Are Not Customers
    • The Intent of Security Testing Versus Functional Testing
    • "Positive" Versus "Negative" Testing
    • Test Overlap and Streamlining
    • Changing Your Prioritizations
    • Code Maturity
    • Code Complexity
    • Code Coverage
  • Discovery of Software Vulnerabilities
    • Accidental Discovery
    • Insider Information
    • Deliberate Search Efforts
  • Assume Attackers Know Everything You Do
    • Source Code Compromise Is Common
    • Tools Are Readily Available
    • Secrecy Is Not Security
    • Vulnerabilities Are Quickly Exploited
    • Social Engineering Works All Over
  • Know Your Attackers
    • What?
    • Why?
    • Who?
    • Create a Matrix
  • Exploiting Software Vulnerabilities
    • Trojan
    • Trojan Horse Virus
    • Virus
    • Boot Sector Viruses
    • Master Boot Record (MBR) Viruses
    • File Infector Viruses
    • Macro Viruses
    • Multi-Partite Virus
    • Worm
    • Logic Bomb
    • The Role of Social Engineering
    • Active Attacks
    • Passive Attacks
    • Phishing
    • Urban Legends
    • Nigerian (419) Scams
    • Lost in the Cracks
  • Common Security Hindering Phrases
    • "That's not a user scenario."
    • "It's hidden. The user can't even see it."
    • "No one is interested in trying to hack this product."
    • "Our developers have a security focus."
    • "The UI prevents that."
    • "It can't get to the back end."
    • "I got an error when I tested it. That means it's secure."
  • Software Development Life Cycle Versus Security-Testing Life Cycle
    • The Generally Accepted Software Development Life Cycle
      • Requirements Phase
      • Design Phase
      • Implementation Phase
      • Verification Phase
      • Release Phase
      • Support Phase
    • The Trustworthy Computing Security Development Lifecycle (SDL)
      • Secure by Design
      • Secure by Default
      • Secure in Deployment
      • Communications
      • Requirements Phase
      • Design Phase
      • Implementation Phase
      • Verification Phase
      • Release Phase
      • Support and Servicing
    • Extreme Programming and Security Testing
  • Black-Box Versus White-Box Security Testing
    • Many Attacks Require Little Coding
    • Security Testing Is a Part of All Testing Efforts
    • The Differences Between Black Box and White Box Security Testing
  • Guard Your Own Gates
    • Reliance Solely on Outside Protection Is False Security
    • Your Application Must Defend Itself
    • Don't Let Your Application Be the Achilles' Heel
    • Mitigation of Damages Must Be Considered
    • There Is No Perfect Security
  • The Role of Security Testing
    • What Developers Want
    • What Program Managers Want
    • What Management Wants
    • What Testers Want
  • Effectively Presenting Security Issues
    • Carefully Evaluate All Factors
      • Risk
      • Cost to Fix
      • Cost if Exploited
      • Trickle-Down Effect to Dependents
      • Trickle-Up Effect to Dependencies
    • Think Outside the Box
      • Possible Solutions
      • Possible Mitigations
    • Pick Your Battles but Continue the War
    • Make Bug Reports Accurate
    • Include Appropriate Information
    • If You Don't Agree with the Decision
    • Don't Fight Every Decision
    • Foster a Security-Conscious Environment
    • Be Persistent
    • Share Knowledge
    • Advertise Success and Failure
  • Bibliography

Threat Modeling and Risk Assessment Processes
  • Threat Modeling Terms
    • Assets
    • Attack Path
    • Condition
    • Entry Points
    • External Dependency
    • Exit Points
    • Risk
    • System
    • Threat
    • Threat Model
    • Threat Profile
    • Trust Levels
    • Use Scenario
    • Vulnerability
  • Initial Modeling of Threats
    • Document Entry and Exit Points
    • Document Assets
    • Document Trust Levels
    • Document Use Cases and Use Scenarios
    • Document External Dependencies
    • Document External Security Notes
    • Document Internal Security Notes
    • Model the Application
    • Create Threat Profile
    • Create Attack Hypotheses
    • Classify Threats
    • Analyze Threats to Determine Vulnerabilities
    • Prioritize Vulnerabilities
    • Mitigate Vulnerabilities
    • Update Threat Model
  • Pitfalls of Threat Modeling
    • Blindness to Interactions with Downstream Dependents
    • Threat Model Tunnel Vision
    • Failing to Track Dependency Changes
    • All Copies of Data Aren't Addressed as Assets
      • Temporary Files
      • Database Backups
      • Log Files
      • Copies of Production Data Outside Production
      • Failover Data
      • Who Has Access or Control
      • Physical Disks or Devices
    • Security Becomes Single Layered: No Defense in Depth
    • Vulnerabilities with Lower Priorities Are Ignored
    • Modeling Becomes a Time Sink
    • Forgetting Physical Access
    • Forgetting the Registry
  • Threat Trees
    • Attack Path
  • DREAD
    • Damage Potential
    • Reproducibility
    • Exploitability
    • Affected Users
    • Discoverability
  • STRIDE
    • Spoofing Identity
    • Tampering with Data
    • Repudiation
    • Information Disclosure
    • Denial of Service
    • Elevation of Privilege
  • MERIT
    • Insider Threat Study Items of Note
    • Analysis
    • Attacker Behavioral Aspects
    • Access Path Control Aspects
    • Attacker Technical Aspects
    • Defense Aspects
  • OCTAVE and OCTAVE-S
    • Phase 1: Build Asset-Based Threat Profiles
    • Phase 2: Identify Infrastructure Vulnerabilities
    • Phase 3: Develop Security Strategy and Plans
  • Bibliography

Personas and Testing
  • Creating Personas
  • Using Personas
  • Pitfalls of Personas
    • Persona Tunnel Vision
    • Personas Are Customers, Not Consumers or Attackers
    • Persona Flaws
  • Security Personas
  • Bibliography

Security Test Planning
  • Overview of the Process
  • Start Drafting Your Test Documents
    • Test Plan
    • Test Case Outline/Test Case Documentation
  • Dissect the System
    • Separate the System into Security Areas
    • Incoming Information
    • Outgoing Information
    • Dependencies
    • Interactions/Interoperability
  • Gather Information
    • Look at Existing Product Bugs and Known Security Issues
      • Your Own System
      • Competitive Systems
      • Systems You Interface or Interact With
    • Review System Specifications
      • Begin as Early as Possible
      • Always Question Security Concerns
    • Review Existing Test Plans and Cases
    • Review Existing Test Automation
  • Develop Security Cases
    • Known Vulnerabilities
      • Your System
      • Other Known Vulnerabilities
    • Unknown Vulnerabilities
  • Prioritize Tests
    • Use Threat Modeling/Risk Assessment Charts
    • Use Personal Experience Data
    • Talk to the Developers for Special Concerns
  • Develop a Test Plan of Attack
    • Using "Normal" or "By Design" Test Methods
    • Using Commercial Tools
    • Using Custom Tools
    • Don't Forget Validation Tools
    • Remember the Downsides
    • Untestable Code Is Unshippable Code
  • Draft a Schedule
    • Time to Develop or Learn Tools
    • Time to Perform Tests
    • Time to Investigate Issues
    • Time to Rerun All Security Tests on Release Candidate
  • Review the Plan and Test Cases
    • Review with Other Disciplines
    • Review with Other Testers
    • Share the Plan with Others
  • Run Test Passes
  • Postmortem the Results

Sample Security Considerations
  • Universal
    • Default Installation
      • Too Many Features Enabled on Install
      • More Risky Abilities Enabled by Default
      • High Permissions Required to Install but Not to Run
      • Hard-Coded Install Locations
    • Authentication
      • User Authenticated Only at Certain Points
      • Access Control Rules Not Enforced Consistently
    • Input
      • Input Contents Assumed Trustworthy
      • Input Formats Assumed Trustworthy
      • Input Sources Assumed Trustworthy
    • Security Validations
      • Validations Are Faulty
      • Validations Are Processed in Wrong Order
    • Cryptographic Considerations
      • Cryptography Not Being Used
      • Home-Grown Cryptography
    • Operational Environment
      • Registry Entries
      • System Pathing
      • Hidden Files and Locations
    • Information Disclosure
      • Verbose Errors Displayed
      • Access to Temporary Files
      • Access to Crash Dump Files or Reports
    • Extraneous Code
      • Debug Code Still Present
      • Test Hooks Still Present
      • Security Bypass Settings
  • Stand-Alone Applications
    • Application Process
      • Processes Run at High Privilege
    • Output
      • Setup Information Saved to Hard-Coded Location
      • State Information Saved to Hard-Coded Location
      • Repair/Restore Information Saved to Hard-Coded Location
      • Output Interceptable before Final Destination
    • Backward Compatibility
      • Defaults to Less-Secure Versions
    • Operational Environment
      • Cached Information Not Safeguarded
      • Information Revealed Unnecessarily
      • Registry Keys Easily Accessible
  • APIs
    • Application Process
      • Processes Run at High Privilege
      • Default Accounts Used to Run Processes
    • Input
      • Data Submission Formats Are Trusted
      • No Validation of Data/Request Source
    • Language
      • Specific Language Details Relied On
    • Operational Environment
      • Session Cookies Are Weak or Easily Reused
      • Session Persistence
    • Specialized Considerations
      • Safeguards on Perimeters Solely Relied On (Proxies, Etc.)
      • Insufficient Safeguards on API Abilities
  • Web Applications/Web Services/Distributed Applications
    • Application Process
      • Local Processes Run at High Privilege
      • Server Processes Run at High Privilege
      • Default Accounts Used to Execute (Admin, Dbo, Sa)
    • Input
      • Custom Packet Format Relied On
      • Data Not Encoded Before Action
      • Hidden Form Fields Not Validated
    • Data Transfer
      • Named Pipes
      • Traffic Not Encrypted
    • Client
      • Rogue Clients Not Detected
      • Server Verifies Only Client, Not Data (Client Hijacking)
      • No Antirepudiation Validation
    • Server
      • Rogue Servers Not Detected
      • Client Verifies Only Server Identity, Not Data (Server Hijacking)
      • No Antirepudiation Validation
      • Remote Administration Available
    • Specialized Considerations
      • Safeguards on Perimeter Only
      • Encryption Keys Stored in Source Code
      • HTML Comments Remain in Shipped Forms

Vulnerability Case Study: Brute Force Browsing
  • Pseudonyms
  • Description
    • URL Guessing
    • Session Replay Attack
    • Non-URL Forceful Browsing
  • Anatomy of an Exploit
    • URL Guessing
    • Session Replay
  • Real-World Examples
  • Test Techniques
    • URL Guessing
    • Session Replay

Vulnerability Case Study: Buffer Overruns
  • Pseudonyms
  • Description
    • Stack Buffer Overruns
    • Heap Buffer Overruns
  • Anatomy of an Exploit
  • Real-World Examples
    • Buffer Overrun
    • Stack Buffer Overrun/Stack Smashing
    • Heap Buffer Overrun/Heap Smashing
  • Test Techniques
    • Find and Document All Entry Points into the Product You Are Testing
    • Create an Attack That Targets Each Variable at Each Entry Point
    • Pass the Attack Data to Each Entry Point
    • Look for Any Crashes or Unexpected Behavior
    • Black Box
    • White Box
  • Bibliography

Vulnerability Case Study: Cookie Tampering
  • Pseudonyms
  • Description
    • Background
    • Cookie Risks
    • Cookie Theft
    • Cookie Poisoning
    • Cookie Inaccuracies
    • Cross-Site Cooking
  • Anatomy of an Exploit
    • Cookie Theft
    • Cookie Poisoning
    • Cross-Site Cooking
  • Real-World Examples
    • Cookie Theft
    • Cross-Site Cooking
  • Test Techniques
    • Black-Box Testing
      • Analyze the Gathered Cookies
      • Compare to Documentation
      • Modify Cookies
      • Cookie Misuse
    • White-Box Testing

Vulnerability Case Study: Cross-Site Scripting (XSS)
  • Pseudonyms
  • Description
    • Nonpersistent or Reflected
    • Persistent or Stored
    • DOM-Based or "Local"
  • Anatomy of an Exploit
    • Nonpersistent or Reflected Exploit
    • Persistent or Stored Exploit
    • DOM-Based or Local
  • Real-World Examples
    • Bugzilla DOM-Based XSS
    • PayPal XSS
    • Microsoft Passport
    • MySpace XSS Worm
  • Test Techniques
    • Question All Filtering and Encoding
    • Black-Box Testing
      • Basic Script Test
      • Encoding Test
      • Returned Code Examination
    • White-Box Testing
      • Hidden Fields
      • GET Versus POST
  • Bibliography

Vulnerability Case Study: Denial of Service/Distributed Denial of Service
  • Pseudonyms
  • Description
    • Ping of Death
    • Teardrop
    • Ping Flooding
    • Smurf Attacks
    • Amplification Attacks
    • SYN Flooding
    • Distributed Denial of Service (DDoS)
  • Anatomy of an Exploit
    • Ping of Death
    • Teardrop
    • Ping Flooding
    • Smurf
    • SYN Flooding
  • Real-World Examples
    • WorldPay DDoS Attack
    • Gibson Research Corporation DDoS Attack
    • Chat DoS Attack
  • Test Techniques
    • Network DoS
    • Protocol Vulnerability
    • Lack of Limits
    • Think Outside the Typical DoS Box
    • Circular References
  • Bibliography

Vulnerability Case Study: Format String Vulnerabilities
  • Pseudonyms
  • Description
  • Anatomy of an Exploit
  • Real-World Examples
    • Ramen Worm Toolkit
      • wu-ftpd (port 21/tcp)
      • rpc.statd (port 111/udp)
      • lprng (port 515/tcp)
  • Test Techniques
    • Black Box
    • White Box
  • Tools
    • Flawfinder
    • ITS4 Security Scanner
    • Pscan
    • Rough Auditing Tool for Security (RATS)
    • Smatch
    • Splint
  • Bibliography

Vulnerability Case Study: Integer Overflows and Underflows
  • Pseudonyms
  • Description
  • Anatomy of an Exploit
  • Real-World Examples
  • Test Techniques
    • Black Box
    • White Box
  • Bibliography

Vulnerability Case Study: Man-in-the-Middle Attacks
  • Pseudonyms
  • Description
  • Anatomy of an Exploit
  • Real-World Examples
  • Test Techniques
  • Bibliography

Vulnerability Case Study: Password Cracking
  • Pseudonyms
  • Description
    • Default Passwords
    • Weak Passwords/Password Guessing
    • Insecure Password Storage
    • Insecure Password Transmission
    • Dictionary-Based Attacks
    • Brute Force Attacks
  • Anatomy of an Exploit
    • Default Passwords
    • Password Guessing
    • Insecure Password Storage
    • Insecure Password Transmission
    • Dictionary-Based Password Attacks
    • Brute Force Attacks
  • Real-World Examples
    • Default Passwords
    • Insecure Password Storage
    • Insecure Password Transmission
  • Test Techniques
    • Insecure Password Storage
    • Insecure Password Transmission
    • Password Cracking
  • Bibliography

Vulnerability Case Study: Session Hijacking
  • Pseudonyms
  • Description
  • Anatomy of an Exploit
  • Real-World Examples
  • Test Techniques
  • Bibliography

Vulnerability Case Study: Spoofing Attacks
  • Pseudonyms
  • Description
    • Nonblind Spoofing
    • Blind Spoofing
    • Denial of Service Attack
  • Anatomy of an Exploit
    • Nonblind Attack
  • Real-World Examples
  • Test Techniques

Vulnerability Case Study: SQL Injection
  • Pseudonyms
  • Description
  • Anatomy of an Exploit
    • Look for a Possible Vulnerability
    • Test the Vulnerability
    • All Errors Are Not Created Equal
    • The Hunt Continues
  • Real-World Examples
  • Test Techniques
    • Black-Box Testing
    • White-Box Testing
  • Bibliography

Fuzz Testing
  • Assumptions
  • Process Steps
    • Prioritize and Choose Targets
    • Set the Bug Fix Bar
    • Choose Tactics
      • "Smart" Fuzz Testing
      • "Dumb" Fuzz Testing
      • Mutation
      • Generation
      • Mixed Fuzz Testing
    • Build Tools and Test Harnesses
    • Run Tests
    • Analyze Results
    • Fix Vulnerabilities
    • Repeat
  • Case Studies
    • 1990: UNIX
    • 1995: UNIX
    • 2000: Windows NT and Windows 2000
  • Bibliography

Background: Cryptography
  • Encryption
    • Authentication
    • Integrity
    • Confidentiality
    • Nonrepudiation
  • How Encryption Works
    • Methodology
    • Key-Based Ciphers
    • Key-Based Algorithms
    • Symmetric (Single-Key) Cipher
    • Asymmetric Encryption
    • Hash Cipher
  • Encryption Tools
    • PGP
    • GPG
    • S/KEY
    • SSH and SCP
    • SSL
  • Crypto Is Not Always Secure
    • Key Length
    • Programmer Error
    • User Error
    • Obscurity
    • Cryptanalysis
  • The Future of Crypto

Background: Firewalls
  • TCP/IP
    • Packets
    • Ports
    • Port Scanners
  • Types of Firewalls
    • Packet Filtering
    • Stateful Packet Inspection
    • Application-Level Proxy
    • Network Address Translation (NAT)
  • Drawbacks to Using Firewalls

Background: OSI Network Model
  • Application Layer (Layer 7)
  • Presentation Layer (Layer 6)
  • Session Layer (Layer 5)
  • Transport Layer (Layer 4)
  • Network Layer (Layer 3)
  • Data Link Layer (Layer 2)
  • Physical Layer (Layer 1)

Background: Proxy Servers
  • Types of Proxy Servers
    • Web Proxy
    • Specialized Web Proxies
    • SSL Proxy
    • Intercepting Proxy
    • Open Proxy
    • Reverse Proxy
    • Split Proxy
    • Circumventor
    • Anonymous

Background: TCP/IP and Other Networking Protocols
  • TCP
    • TCP Packet Fields
    • TCP Flags
    • Common TCP Application Port Numbers
  • IP
    • IPv4
      • Packet Fields
      • Addresses
      • Fragmentation Variables
    • IPv6
      • Packet Fields
      • Addresses
  • UDP
  • ICMP
  • ARP
  • RARP
  • BOOTP
  • DHCP

Background: Test Case Outlining (TCO)
  • Goals
  • What Is (and Is Not) a TCO
  • Benefits of a TCO
  • Steps in Test Case Outlining
    • Research the Item to Be Tested
    • Determine Starting TCO Format
    • Draft an Initial Outline
    • Refine and Drill Down
    • Write Atomic/Predictive Statements of Behavior
    • Use Equivalency Classes if Possible
    • Review, Review, Review
  • TCO Formats
  • TCO Maintenance
  • TCO to Scenario

Additional Sources of Information
  • Recommended Reading
  • Recommended Web Sites and Mailing Lists

Index

Author: Maura A. van der Linden