482 tampering – threat modeling
functions disallowed, 134
fuzzing, 146
gray box, 182, 188, 208, 400, 408, 441, 446
integration testing, 400
interfaces, 139, 237, 370, 377
for malware, 160
manual, 451
matrix, 399
misuse, 302, 432
mutation, 369
order, 185
orthogonal array, 399
parallel, 436
patches and, 181
regression testing, 142, 373, 376, 395, 399, 400, 439
software, 187, 190
source code access and, 178
statement coverage tests, 379
system testing, 400
test coverage analysis, 372
tools, 253, 429
unit testing, 400
use case, 432
virtualization and, 169
web applications, 134
web browsers, 135, 224
white box, 182, 188, 208, 399, 400, 408, 418
TFTP (Trivial File Transfer Protocol), 348
TGS (ticket-granting service), 365, 405
TGT, using, 108
threat modeling, 3, 393, 401
assets, 318
attackers, 318
categorization, 373
goals, 177
mitigation, 148
PASTA, 24
social engineering, 318
software, 318
STRIDE, 4, 10, 24
threatens, 148
tampering, solutions, 146
tapes, 171, 337
clearing, 391
rotation scheme, 157
TBAC (task-based access control), 361
TCB (Trusted Computing Base), 343, 453
TCP (Transmission Control Protocol), 80–81, 206
TCP 443, 128
TCP 445, 128
TCP 1433, 128
TCP header, 309
TCP ports
80, 350
protocols, 348
TCP scans, 380, 449
TCP SYN packets, denial of service attack, 7
team reviews, 397
teardrop attacks, 356
technical controls, 16, 324
technology management, 197
Telnet, 330
alternatives, 37
versus SSH, 32
TEMPEST program, 343, 408
terminating employees, 18, 26
test coverage, 279, 441
test directories, 417
testing, 261
black box, 143, 182, 188, 208, 370, 371, 396, 399, 400, 408
blue box, 182, 188, 399, 400
Bluetooth security, 136
code, 400
code coverage, 374
coverage report, 376
designing, 128
disaster recovery, 157, 215
dynamic testing, 394, 432
e-commerce applications, 144
exploits, 221
full interruption, 436, 456