Web Resources
Here are the resources to which we refer in our book. If you notice something missing, mail us!
Chapter 1
The Bugtraq mailing list: www.securityfocus.com/archive/1
CERT Coordination Center: www.cert.org
RISKS digest: catless.ncl.ac.uk/Risks
Differential Power Analysis: www.cryptography.com/dpa
Full Disclosure: 1, 2, 3
Chapter 2
Companies offering security engineering consulting services (mail us to be added to the list):
The authors' respective companies: Secure Software and Cigital.
Neohapsis -- offers source code review as well as black box testing.
IT-Security and Consulting, Dominik Vogt
Chapter 3
RMI over IIOP link: at Sun, at OpenORB, at WebLogic
Chapter 6
Source-level security auditing tools:
RATS
ITS4
Flawfinder
Pscan (only looks for format string problems)
LCLint (can find buffer overflows; requires annotating code)
Cqual (requires annotating code with types)
Chapter 7
Resources for exploit scripts:
Securiteam exploits
Hacker's Club
Root Shell (nothing new in a couple of years)
A snprintf implementation: vsnprintf.c, vsnprintf.h
"Tools that can help" against buffer overflows:
Nonexecutable stack patches for Linux: 1, 2
Type-safe (C-like) languages: Java; Cyclone
GCC array bounds checking patch
StackGuard
Purify
Libsafe
"Tao of Windows Buffer Overflow" by Dildog: http://www.cultdeadcow.com/cDc_files/cDc-351/
Chapter 8
Sandboxing tools: see the section "Access Control Tools" here
Chapter 9
Implementation of Gutmann's secure file wipe algorithm: filewipe.c
Implementation of NFS-safe file locking: LockFile.py
Chapter 10
Build your own random number generator: Wayne's Random Noise Generator
TrueRand implementation: truerand.sh
The pLab Project: home page
DIEHARD: home page
Chapter 11
Base64 implementation: base64.c
Hash Cash: home page
Stunnel: the stunnel.org web page
Secure popen/system sample: Viega code
Trusted CA certs: resources from the stunnel FAQ
Running your own CA: with OpenSSL, with pyCA
Snake Oil FAQ: home page, local mirror
Chapter 12
ISO 8859-1 character set table by Martin Ramsch
Chapter 13
Crack tools:
Crack (see the section Software)
l0phtcrack
John the Ripper
The word list database (entries are null-separated, but otherwise ASCII): wordlist.dat
Chapter 15
Netrek mkkey site: http://web.mit.edu/thouis/res-rsa-2.9.2/
Appendix A
Encryption packages that are free for some uses: Cryptlib, OpenSSL, Crypto++
Copyright © 2001 by John Viega and Gary McGraw.