Network.Security.Tools [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

جستجو بر اساس ... همه عنوان پدیدآور موضوع یادداشت تمام متن
اصطلاحنامه مجموعه ها مرورالفبایی لغت نامه دهخدا
جستجو در لغت نامه
بیشتر
کتابخانه شخصی پرسش از کتابدار ارسال منبع

Network.Security.Tools [Electronic resources] - نسخه متنی

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
میخواهم بخوانم
درحال خواندن
خوانده شده
ارسال به دوستان

آدرس پست الکترونیک گیرنده :

آدرس پست الکترونیک فرستنده :

نام و نام خانوارگی فرستنده :

پیغام برای گیرنده ( حداکثر 250 حرف ) :

کد امنیتی را وارد نمایید

ارسال
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات

Sitemap

Table of Contents

Copyright

Preface

Audience

Assumptions This Book Makes

Contents of This Book

Conventions Used in This Book

Using Code Examples

We'd Like to Hear from You

Safari Enabled

Acknowledgments

Part I: Modifying and Hacking Security Tools

Chapter 1. Writing Plug-ins for Nessus

Section 1.1. The Nessus Architecture

Section 1.2. Installing Nessus

Section 1.3. Using Nessus

Section 1.4. The NASL Interpreter

Section 1.5. Hello World

Section 1.6. Datatypes and Variables

Section 1.7. Operators

Section 1.8. if...else

Section 1.9. Loops

Section 1.10. Functions

Section 1.11. Predefined Global Variables

Section 1.12. Important NASL Functions

Section 1.13. Nessus Plug-ins

Chapter 2. Developing Dissectors and Plug-ins for the Ettercap Network Sniffer

Section 2.1. Installing and Using Ettercap

Section 2.2. Writing an Ettercap Dissector

Section 2.3. Writing an Ettercap Plug-in

Chapter 3. Extending Hydra and Nmap

Section 3.1. Extending Hydra

Section 3.2. Adding Service Signatures to Nmap

Chapter 4. Writing Plug-ins for the Nikto Vulnerability Scanner

Section 4.1. Installing Nikto

Section 4.2. Using Nikto

Section 4.3. Nikto Under the Hood

Section 4.4. Existing Nikto Plug-ins

Section 4.5. Adding Custom Entries to the Plug-in Databases

Section 4.6. Using LibWhisker

Section 4.7. Writing an NTLM Plug-in for Brute-Force Testing

Section 4.8. Writing a Standalone Plug-in to Attack Lotus Domino

Chapter 5. Writing Modules for the Metasploit Framework

Section 5.1. Introduction to MSF

Section 5.2. Overview of Stack Buffer Overflows

Section 5.3. Writing Exploits for MSF

Section 5.4. Writing a Module for the MnoGoSearch Overflow

Section 5.5. Writing an Operating System Fingerprinting Module for MSF

Chapter 6. Extending Code Analysis to the Webroot

Section 6.1. Attacking Web Applications at the Source

Section 6.2. Toolkit 101

Section 6.3. PMD

Section 6.4. Extending PMD

Part II: Modifying and Hacking Security Tools

Chapter 7. Fun with Linux Kernel Modules

Section 7.1. Hello World

Section 7.2. Intercepting System Calls

Section 7.3. Hiding Processes

Section 7.4. Hiding from netstat

Chapter 8. Developing Web Assessment Tools and Scripts

Section 8.1. Web Application Environment

Section 8.2. Designing the Scanner

Section 8.3. Building the Log Parser

Section 8.4. Building the Scanner

Section 8.5. Using the Scanner

Section 8.6. Complete Source Code

Chapter 9. Automated Exploit Tools

Section 9.1. SQL Injection Exploits

Section 9.2. The Exploit Scanner

Section 9.3. Using the Scanner

Chapter 10. Writing Network Sniffers

Section 10.1. Introduction to libpcap

Section 10.2. Getting Started with libpcap

Section 10.3. libpcap and 802.11 Wireless Networks

Section 10.4. libpcap and Perl

Section 10.5. libpcap Library Reference

Chapter 11. Writing Packet-Injection Tools

Section 11.1. Introduction to libnet

Section 11.2. Getting Started with libnet

Section 11.3. Advanced libnet Functions

Section 11.4. Combining libnet and libpcap

Section 11.5. Introducing AirJack

Colophon

توضیحات
افزودن یادداشت جدید







6.2. Toolkit 101


The

symptomatic code approach requires a
combination of manual and automated testing tools. At a minimum,
these tools must include the following:

Source code viewer


The tester uses this tool, which typically
is a text editor, to browse through the source or drill down a
particular piece of code flagged by static analysis tools. When
available, an Integrated Development
Environment (IDE) is a powerful tool for quickly navigating through
sources and tracing method-call hierarchies.


Vulnerability tracking database


This isn't a testing tool, but no discussion of
source code analysis is complete without mentioning the need to track
identified

vulnerabilities. Tracking can
range from recording issues in a simple text file to logging them in
a bug-tracking database such as Bugzilla. At a minimum, the database
should provide a place to document the vulnerability, including file
location and line number of the insecure code, and steps for
reproducing the vulnerability. Documenting this type of information
can be a nuisance. You realize its true value only when presenting
findings to management or developers.


Static analysis tools


These tools assist the tester by pointing to
specific lines of code, which can be examined more closely within the
source code viewer. Database-driven scanning tools that have plug-ins
for popular IDEs are ideal. From the IDE console, they allow the
tester to launch and view scan results as well as drill down on
individual instances of flagged code with a single click.



Static analysis tools are the core component of the
tester's toolkit. At a minimum, these tools employ
pattern-matching technology
common to utilities such as
grep, and most
database-driven source code scanning tools such as Flawfinder and
RATS. Patterns constructed for these tools can represent a simple
string or a complex regular expression. The primary benefit of a
utility such as grep is ad hoc searches of the
source, whereas scanning tools provide a default set of rules for
identifying insecure code. Some scanning tools have knowledge about
the semantics of the target code, allowing for more intelligent
analysis than traditional pattern-matching utilities.
grep is valuable when database-driven scanning
tools are not available for the target source. This is often the case
for web application scripting technologies such as Active Server
Pages (VBScript).

The output from static analysis tools produced at the beginning of
the review provide an initial road map for identifying known or
suspected patterns of insecure code. These tools facilitate tracking
down instances of custom code that the tester might otherwise notice
only once he's familiar with the source. Compiling a
robust symptom code database improves the effectiveness of static
analysis tools.


6.2.1. Symptom Code Databases


A
symptom code
database serves as an initial test plan at the start of each code
review and can be continuously updated as new symptoms are
discovered. How you construct symptom code depends on which static
analysis tool you use and the programming languages it supports.
Pattern-matching tools describe symptom code as a combination of
regular expressions, and you
can build custom regular expressions for any programming language
(VBScript, C#, VB.NET, Java, PHP, etc.). Table 6-3
is an updated version of Table 6-2 that includes
examples of
Perl 5
regular expressions representing potential Java symptom code.

This is not a complete list of potential symptom code regular
expressions. In fact, some of these examples might produce false
positives, and others might produce false negatives. All special
characters that are to be treated as literals are escaped with the
\ character.

Table 6-3. Java symptom code

Symptom


Perl 5 regexes for Java code


Vulnerability/attack


Dynamic SQL


select.+from
insert.+into
update.+set


SQL injection


Methods for executing commands


(Runtime|getRuntime\(\)){0,1}\.exec


Command injection


File I/O methods


new\s+(java\.io\.){0,1}File\s*\(
new\s+(java\.io\.){0,1}FileReader\s*\(


Arbitrary file creation, reading


Writing inline request objects


\<\s*%\s*=.+request


Cross-site scripting


Cookie access methods


getCookies
addCookie


Broken access control


Plaintext database connection strings


jdbc\:


Information leakage, unauthorized access

You should also build regular expressions to flag code that might
indicate secure coding practices, such as possible sanitization
attempts. By quickly identifying possible sanitization techniques,
you might save time overall by avoiding blind exploitation attempts
and tailoring attacks to subvert known validation logic. An example
of this might be the inclusion of a single JSP file that houses
methods for certain input validation routines:

\@\s*include\s+file\s*=\s*\"validate\.jsp\"

As you become more familiar with the code base during the review, you
can tune the regular expressions to more accurately capture symptom
code. For example, if the code is well documented, it might be useful
to search for all instances of a particular
developer's name. The analysis tool can run multiple
times against the same source tree, revealing new symptom code on
each pass. A systematic and iterative approach to source code
analysis ensures greater code coverage, increased symptom code
detection, and ultimately, real vulnerability identification.

Source code analysis tools and symptom code databases are just
components of the symptomatic code approach and they
can't find all vulnerabilities. The tool is only as
good as its symptom database and the tester's
ability to construct meaningful regular expressions.
It's important to remember that source code analysis
tools and symptom code databases are intended to equip and enable the
tester, not to provide a complete solution.


/ 85