Foreword
Acknowledgments
Introduction

Buffer Overruns
    Overview of the Sin
    Affected Languages
    The Sin Explained
        Sinful C/C++
    Related Sins
    Spotting the Sin Pattern
    Spotting the Sin During Code Review
    Testing Techniques to Find the Sin
    Example Sins
        CVE-1999-0042
        CVE-2000-0389-CVE-2000-0392
        CVE-2002-0842, CVE-2003-0095, CAN-2003-0096
        CAN-2003-0352
    Redemption Steps
        Replace Dangerous String Handling Functions
        Audit Allocations
        Check Loops and Array Accesses
        Replace C String Buffers with C++ Strings
        Replace Static Arrays with STL Containers
        Use Analysis Tools
    Extra Defensive Measures
        Stack Protection
        Non-executable Stack and Heap
    Other Resources
    Summary

Format String Problems
    Overview of the Sin
    Affected Languages
    The Sin Explained
        Sinful C/C++
    Related Sins
    Spotting the Sin Pattern
    Spotting the Sin During Code Review
    Testing Techniques to Find the Sin
    Example Sins
        CVE-2000-0573
        CVE-2000-0844
    Redemption Steps
        C/C++ Redemption
    Extra Defensive Measures
    Other Resources
    Summary

Integer Overflows
    Overview of the Sin
    Affected Languages
    The Sin Explained
        Sinful C and C++
        Sinful C#
        Sinful Visual Basic and Visual Basic .NET
        Sinful Java
        Sinful Perl
    Spotting the Sin Pattern
    Spotting the Sin During Code Review
        C/C++
        C#
        Java
        Visual Basic and Visual Basic .NET
        Perl
    Testing Techniques to Find the Sin
    Example Sins
        Flaw in Windows Script Engine Could Allow Code Execution
        Integer Overflow in the SOAPParameter Object Constructor
        Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise
    Redemption Steps
    Extra Defensive Measures
    Other Resources
    Summary

SQL Injection
    Overview of the Sin
    Affected Languages
    The Sin Explained
        Sinful C#
        Sinful PHP
        Sinful Perl/CGI
        Sinful Java and JDBC
        Sinful SQL
    Related Sins
    Spotting the Sin Pattern
    Spotting the Sin During Code Review
    Testing Techniques to Find the Sin
    Example Sins
        CAN-2004-0348
        CAN-2002-0554
    Redemption Steps
        Validate All Input
        Never Use String Concatenation to Build SQL Statements
        PHP 5.0 and MySQL 4.1 or Later Redemption
        Perl/CGI Redemption
        Java Using JDBC Redemption
        ColdFusion Redemption
        SQL Redemption
    Extra Defensive Measures
    Other Resources
    Summary

Command Injection
    Overview of the Sin
    Affected Languages
    The Sin Explained
    Related Sins
    Spotting the Sin Pattern
    Spotting the Sin During Code Review
    Testing Techniques to Find the Sin
    Example Sins
        CAN-2001-1187
        CAN-2002-0652
    Redemption Steps
        Data Validation
        When a Check Fails
    Extra Defensive Measures
    Other Resources
    Summary

Failing to Handle Errors
    Overview of the Sin
    Affected Languages
    The Sin Explained
        Yielding Too Much Information
        Ignoring Errors
        Misinterpreting Errors
        Using Useless Error Values
        Handling the Wrong Exceptions
        Handling All Exceptions
        Sinful C/C++
        Sinful C/C++ on Windows
        Sinful C++
        Sinful C#, VB.NET, and Java
    Related Sins
    Spotting the Sin Pattern
    Spotting the Sin During Code Review
    Testing Techniques to Find the Sin
    Example Sin
        CAN-2004-0077 Linux Kernel do_mremap
    Redemption Steps
        C/C++ Redemption
        C#, VB.NET, and Java Redemption
    Other Resources
    Summary

Cross-Site Scripting
    Overview of the Sin
    Affected Languages
    The Sin Explained
        Sinful C/C++ ISAPI Application or Filter
        Sinful ASP
        Sinful ASP.NET Forms
        Sinful JSP
        Sinful PHP
        Sinful CGI Using Perl
        Sinful mod_perl
    Spotting the Sin Pattern
    Spotting the Sin During Code Review
    Testing Techniques to Find the Sin
    Example Sins
        IBM Lotus Domino Cross-Site Scripting and HTML Injection Vulnerabilities
        Oracle HTTP Server "isqlplus" Input Validation Flaws Let Remote Users Conduct Cross-Site Scripting Attacks
        CVE-2002-0840
    Redemption Steps
        ISAPI C/C++ Redemption
        ASP Redemption
        ASP.NET Forms Redemption
        JSP Redemption
        PHP Redemption
        CGI Redemption
        mod_perl Redemption
        A Note on HTML Encode
    Extra Defensive Measures
    Other Resources
    Summary

Failing to Protect Network Traffic
    Overview of the Sin
    Affected Languages
    The Sin Explained
    Related Sins
    Spotting the Sin Pattern
    Spotting the Sin During Code Review
    Testing Techniques to Find the Sin
    Example Sins
        TCP/IP
        E-mail Protocols
        E*Trade
    Redemption Steps
        Low-Level Recommendations
    Extra Defensive Measures
    Other Resources
    Summary

Use of Magic URLs and Hidden Form Fields
    Overview of the Sin
    Affected Languages
    The Sin Explained
        Magic URLs
        Hidden Form Fields
    Related Sins
    Spotting the Sin Pattern
    Spotting the Sin During Code Review
    Testing Techniques to Find the Sin
    Example Sins
        CAN-2000-1001
        MaxWebPortal Hidden Form Field Modification
    Redemption Steps
        Attacker Views the Data
        Attacker Replays the Data
        Attacker Predicts the Data
        Attacker Changes the Data
    Extra Defensive Measures
    Other Resources
    Summary

Improper Use of SSL and TLS
    Overview of the Sin
    Affected Languages
    The Sin Explained
    Related Sins
    Spotting the Sin Pattern
    Spotting the Sin During Code Review
    Testing Techniques to Find the Sin
    Example Sins
        E-mail Clients
        Safari Web Browser
        The Stunnel SSL Proxy
    Redemption Steps
        Choosing a Protocol Version
        Choosing a Cipher Suite
        Ensuring Certificate Validity
        Validating the Hostname
        Checking Certificate Revocation
    Extra Defensive Measures
    Other Resources
    Summary

Use of Weak Password-Based Systems
    Overview of the Sin
    Affected Languages
    The Sin Explained
    Related Sins
    Spotting the Sin Pattern
    Spotting the Sin During Code Review
        Password Content Policy
        Password Changes and Resets
        Password Protocols
        Password Handling and Storage
    Testing Techniques to Find the Sin
    Example Sins
        CVE-2005-1505
        CVE-2005-0432
        The TENEX Bug
        The Paris Hilton Hijacking
    Redemption Steps
        Multifactor Authentication
        Storing and Checking Passwords
        Guidelines for Choosing Protocols
        Guidelines for Password Resets
        Guidelines for Password Choice
        Other Guidelines
    Extra Defensive Measures
    Other Resources
    Summary

Failing to Store and Protect Data Securely
    Overview of the Sin
    Affected Languages
    The Sin Explained
        Weak Access Controls to "Protect" Secret Data
        Sinful Access Controls
        Embedding Secret Data in Code
    Related Sins
    Spotting the Sin Pattern
    Spotting the Sin During Code Review
    Testing Techniques to Find the Sin
    Example Sins
        CVE-2000-0100
        CAN-2002-1590
        CVE-1999-0886
        CAN-2004-0311
        CAN-2004-0391
    Redemption Steps
        Use the Operating System's Security Technologies
        C/C++ Windows 2000 and Later Redemption
        ASP.NET 1.1 and Later Redemption
        C#.NET Framework 2.0 Redemption
        C/C++ Mac OS X v10.2 and Later Redemption
        Redemption with No Operating System Help (or Keeping Secrets Out of Harm's Way)
        A Note on Java and the Java KeyStore
    Extra Defensive Measures
    Other Resources
    Summary

Information Leakage
    Overview of the Sin
    Affected Languages
    The Sin Explained
        Side Channels
        TMI: Too Much Information!
        A Model for Information Flow Security
        Sinful C# (and Any Other Language)
    Related Sins
    Spotting the Sin Pattern
    Spotting the Sin During Code Review
    Testing Techniques to Find the Sin
        The Stolen Laptop Scenario
    Example Sins
        Dan Bernstein's AES Timing Attack
        CAN-2005-1411
        CAN-2005-1133
    Redemption Steps
        C# (and Other Languages) Redemption
        Network Locality Redemption
    Extra Defensive Measures
    Other Resources
    Summary

Improper File Access
    Overview of the Sin
    Affected Languages
    The Sin Explained
        Sinful C/C++ on Windows
        Sinful C/C++
        Sinful Perl
        Sinful Python
    Related Sins
    Spotting the Sin Pattern
    Spotting the Sin During Code Review
    Testing Techniques to Find the Sin
    Example Sins
        CAN-2005-0004
        CAN-2005-0799
        CAN-2004-0452 and CAN-2004-0448
        CVE-2004-0115 Microsoft Virtual PC for the Macintosh
    Redemption Steps
        Perl Redemption
        C/C++ Redemption on *nix
        C/C++ Redemption on Windows
        Getting the Location of the User's Temporary Directory
        .NET Code Redemption
    Extra Defensive Measures
    Other Resources
    Summary

Trusting Network Name Resolution
    Overview of the Sin
    Affected Languages
    The Sin Explained
        Sinful Applications
    Related Sins
    Spotting the Sin Pattern
    Spotting the Sin During Code Review
    Testing Techniques to Find the Sin
    Example Sins
        CVE-2002-0676
        CVE-1999-0024
    Redemption Steps
    Other Resources
    Summary

Race Conditions
    Overview of the Sin
    Affected Languages
    The Sin Explained
        Sinful Code
    Related Sins
    Spotting the Sin Pattern
    Spotting the Sin During Code Review
    Testing Techniques to Find the Sin
    Example Sins
        CVE-2001-1349
        CAN-2003-1073
        CVE-2000-0849
    Redemption Steps
    Extra Defensive Measures
    Other Resources
    Summary

Unauthenticated Key Exchange
    Overview of the Sin
    Affected Languages
    The Sin Explained
    Related Sins
    Spotting the Sin Pattern
    Spotting the Sin During Code Review
    Testing Techniques to Find the Sin
    Example Sins
        Novell Netware MITM Attack
        CAN-2004-0155
    Redemption Steps
    Extra Defensive Measures
    Other Resources
    Summary

Cryptographically Strong Random Numbers
    Overview of the Sin
    Affected Languages
    The Sin Explained
        Sinful NonCryptographic Generators
        Sinful Cryptographic Generators
        Sinful True Random Number Generators
    Related Sins
    Spotting the Sin Pattern
    Spotting the Sin During Code Review
        When Random Numbers Should Have Been Used
        Finding Places that Use PRNGs
        Determining Whether a CRNG Is Seeded Properly
    Testing Techniques to Find the Sin
    Example Sins
        The Netscape Browser
        OpenSSL Problems
    Redemption Steps
        Windows
        .NET Code
        Unix
        Java
        Replaying Number Streams
    Extra Defensive Measures
    Other Resources
    Summary

Poor Usability
    Overview of the Sin
    Affected Languages
    The Sin Explained
        Who Are Your Users?
        The Minefield: Presenting Security Information to Your Users
    Related Sins
    Spotting the Sin Pattern
    Spotting the Sin During Code Review
    Testing Techniques to Find the Sin
    Example Sins
        SSL/TLS Certificate Authentication
        Internet Explorer 4.0 Root Certificate Installation
    Redemption Steps
        When Users Are Involved, Make the UI Simple and Clear
        Make Security Decisions for Users
        Make Selective Relaxation of Security Policy Easy
        Clearly Indicate Consequences
        Make It Actionable
        Provide Central Management
    Other Resources
    Summary

Mapping the 19 Deadly Sins to the OWASP "Top Ten"

Summary of Do's and Don'ts
    Buffer Overruns Summary
    Format String Problems Summary
    Integer Overflows Summary
    SQL Injection Summary
    Command Injection Summary
    Failing to Handle Errors Summary
    Cross-Site Scripting Summary
    Failing to Protect Network Traffic Summary
    Use of Magic URLs and Hidden Form Fields Summary
    Improper Use of SSL and TLS Summary
    Use of Weak Password-Based Systems Summary
    Failing to Store and Protect Data Securely Summary
    Information Leakage Summary
    Improper File Access Summary
    Trusting Network Name Resolution Summary
    Race Conditions Summary
    Unauthenticated Key Exchange Summary
    Cryptographically Strong Random Numbers Summary
    Poor Usability Summary

Index