The depth and detail exceeds all books that I know about by an order of magnitude.? Flakes? Halvar, CEO and head of research, SABRE Security GmbH The Insider definitive? S Guide to Security Auditing This is one of the detailed, sophisticated, and most useful guides to software security auditing ever written. The author of the leading security consultants and researchers who personally have found vulnerabilities in applications ranging from sendmail to Microsoft Exchange, Check Point VPN to Internet Explorer. applications to reveal security flaw even the most subtle and well-hidden. Art Security Assessment covers the full spectrum of software vulnerabilities in both UNIX / Linux and Windows environment. Coverage includes ? Bridging the gap between secure software design and post-implementation review ? Evaluating network software: IP stacks, firewalls, and common application protocols ? Auditing Web applications and technologies This book is a resource that has never happened before to all those who have to provide secure software or assure the safety of existing software: consultants, security specialists, developers, QA staff, testers, and administrators together. Content ABOUT THE AUTHORS xv PREFACE xvii ACKNOWLEDGMENTS xxi I Introduction to Software Security Assessment 1 SOFTWARE VULNERABILITY FUNDAMENTALS 3 2 DESIGN REVIEW 25 3 OPERATIONAL REVIEW 67 4 APPLICATION REVIEW PROCESS 91 II Software Vulnerabilities 5 MEMORY CORRUPTION 167 6 C LANGUAGE ISSUES 203 7 PROGRAM BUILDING BLOCKS 297 8 STRINGS ANDMETACHARACTERS 387 9 UNIX I: PRIVILEGES AND FILES 459 10 UNIX II: PROCESSES 559 11 WINDOWS I: OBJECTS AND THE FILE SYSTEM 625 12 WINDOWS II: COMMUNICATION interprocess 685 13 SYNCHRONIZ ation AND STATE 755 III Software Vulnerabilities Practice 14 829 IP NETWORK 15 Firewalls 891 16 protocol 921 NETWORK APPLICATIONS 17 WEB APPLICATIONS 1007 18 WEB TECHNOLOGIES 1083 BIBLIOGRAPHY 1125 INDEX 1129