The Vault

blog December 19th, 2006

We’ve decided to create a page for each chapter in order to collect resources that might be useful to readers. We’ll probably start with links to good external resources, and possibly mirror full source trees for the vulnerable code examples that we present. This way, you can get a feel for what it would be like to find the vulnerability in real-world conditions, and heck, you might even find new vulnerabilities while you’re at it. Also, we know there are lots of spooky people out there who have ideas and thoughts to add, so we’d love to see discussion about the different topic areas. Feel free to ask questions too, and don’t be embarrassed to ask something that you might think is stupid. A large part of successful code auditing is developing confidence in your ability to brainstorm, and the only way to do this is to be wildly wrong a few million times.

Note: This is actually a lot of work, so expect the pages to come online as we find the time to fill them out.

Chapter 1 - Software Vulnerability Fundamentals

Chapter 2 - Design Review

Chapter 3 - Operational Review

Chapter 4 - Application Review Process

Chapter 5 - Memory Corruption

Chapter 6 - C Language Issues

Chapter 7 - Program Building Blocks

Chapter 8 - Strings and Metacharacters

Chapter 9 - UNIX I: Privileges and Files

Chapter 10 - UNIX II: Processes

Chapter 11 - Windows I: Objects and the File System

Chapter 12 - Windows II: Interprocess Communication

Chapter 13 - Synchronization and State

Chapter 14 - Network Protocols

Chapter 15 - Firewalls

Chapter 16 - Network Application Protocols

Chapter 17 - Web Applications

Chapter 18 - Web Technologies
