Secure Programming for Linux and Unix HOWTO (PDF 168P)
Secure Programming for Linux and Unix HOWTO (PDF 168P)
Secure Programming for Linux and Unix HOWTO (PDF 168P)
This note covers the following topics: background, history of unix,
linux, and open source, security principles, why do programmers write insecure
code?, is open source good for security?, types of secure programs, paranoia is
a virtue, why did i write this document?, sources of design and implementation
guidelines, other sources of security information, document conventions, summary
of linux and unix security features, processes, files, system v ipc, sockets and
network connections, signals, quotas and limits, dynamically linked libraries,
audit, pam, specialized security extensions for unix-like systems, security
requirements, common criteria introduction, security environment and
objectives,validate all input, command line, environment variables, file
descriptors, file names, file contents, web-based application inputs (especially
cgi scripts), other inputs, human language (locale) selection, character
encoding, prevent cross-site malicious content on input, filter html/uris that
may be re-presented, remove or forbid some html data, encoding html data,
validating html data, validating hypertext links (uris/urls), other html tags,
related issues, forbid http get to perform non-queries, counter spam, limit
valid input time and load level, avoid buffer overflow, dangers in c/c++,
library solutions in c/c++, standard c library solution, static and dynamically
allocated buffers, strlcpy and strlcat, libmib, c++ std
This PDF covers the following topics related to Linux/UNIX Security :
Core security concepts, Maintaining confidentiality, Keeping our data safe from
intruders, Integrity, Authentication, Security from the start, inetd vs. iptfw,
Firewalling, Controlling your users, Cracklib, etc.
Author(s): Hervey Allen, Network Startup Resource
Center
This PDF covers the following topics
related to UNIX Security : Overview of UNIX System, Privileges in UNIX,
Attackers, Threats to UNIX Systems, Classes of Security Flaws, Improper Choice
of Initial Protection Domain, Network, Solutions, etc.
Author(s): Matt Bishop, Dept. of Computer
Science, University of California at Davis
This note covers the
following topics: modifying and hacking security tools, writing plugins for
nessus, developing dissectors and plugins for the ettercap network sniffer,
extending hydra and nmap, writing plugins for the nikto vulnerability scanner,
writing modules for the metasploit framework, extending code analysis to the
webroot, modifying and hacking security tools, fun with linux kernel modules,
developing web assessment tools and scripts, automated exploit tools, writing
network sniffers, writing packetinjection tools, colophon.