DOCSLIB.ORG

This PDF Is Provided Solely As a Reader Service. It Is Not Intended for Reproduction Or Public Distribution

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
This PDF Is Provided Solely As a Reader Service. It Is Not Intended for Reproduction Or Public Distribution Copyright (c) 2007, CMP Media LLC. Important note: This PDF is provided solely as a reader service. It is not intended for reproduction or public distribution. For more information on obtaining a Reprint, please contact a Reprint Services Rep at 516.562.7026 or visit www.cmpreprints.com/faxback.jhtml CODEF SCANNERS A LL S E { Sense of Security? } AS MORE CUSTOM-BUILT SOFTWARE MAKES ITS WAY INTO YOUR APP INFRASTRUCTURE, THE THREAT LANDSCAPE IS SHIFTING. CAN AN AUTOMATED CODE SCANNER SECURE YOUR BUSINESS, OR WILL IT SIMPLY LULL THE IT STAFF WHILE CRIMINALS by Justin Schuh Illustration by Ryan Etter PROWL? REMEMBER WHEN ATTACKERS WERE JUST OUT FOR FAME AND requirements. Purpose-built apps provide the frame- glory, and application security was someone else’s prob- work for a huge range of business processes, from lem? Big targets like Microsoft and Oracle drew the fire. dynamic Web sites, SOA (service-oriented architecture) All enterprise IT had to do was apply patches regularly and e-commerce to business process automation and and keep a properly configured firewall. administration. They also provide a target-rich environ- Those days are gone. Cracking corporate networks is ment for would be attackers. no longer a kid’s game, it’s a lucrative criminal growth In response to this escalating threat, major compliance industry. The attackers who stole 45.6 million credit- standards like HIPAA and PCI DSS (Payment Card Industry and debit-card numbers Data Security Standard) are incorporating—or at least STRATEGIC from TJX Companies were implying the necessity of—application security processes. {}Security professional enough to Of course, where there’s a regulation, there’s a mar- remain undetected for at keting op. In this case, makers of automated source- least 10 months. Meanwhile, major software vendors, code analysis tools are shifting their focus from com- including Microsoft, have improved their security prac- mercial software vendors to enterprises. They say tices, which puts niche and in-house-developed software adopting their tools will let your developers build more and Web applications squarely in the bad guys’ sights. secure software and meet the compliance burden. It seems enterprise IT is finally grasping the liability But are they up to the job? insecure coding practices represent. Data protection and To find out, we brought three popular static source- application-software security were chosen as the most code analyzers into our Chicago Neohapsis partner lab: critical issues through 2008 in the 2006 CSI/FBI Comput- Fortify SCA (Source Code Analysis) 4.0, Klocwork K7.5 er Crime and Security Survey, above policy and regulatory and Ounce Labs’ Ounce 4.1. We also asked Coverity to compliance, and identity theft/data-leakage prevention. send its Prevent analyzer, but the company declined, If you think your network’s not at risk, consider that citing insufficient resources. most software isn’t built for commercial distribution; Each product has strengths and weaknesses, but any it’s developed in-house or on contract for specific would be a useful addition to a mature security process. IMPACT ASSESSMENT: SOURCE-CODE SEC URITY ANALYZERS BENEFIT RISK Source-code scanners can simplify Deploying an analyzer without the process of developing secure a security-focused SDLC (software software, a vital function given the IT Organization development lifecycle) will only number of custom applications exacerbate poor development deployed today—and the number practices. of attackers targeting them. Source-code scanners help establish Business users must accept that Business a trackable, repeatable process for a secure SDLC takes time. If devel- Organization producing secure software that will opers become overly dependent on serve the business, without making analyzers, they could eclipse other you a target. best practices. Business More secure software reduces When used incorrectly, scanners Competitiveness the chances of publicly reported provide a false sense of security vulnerabilities and compromises. and hinder genuine security efforts. Source-code scanners provide an additional tool for producing more secure software and preventing a major vulnerability from compromising data. BOTTOM LINE But they’re no panacea—as part of a security-focused SDLC, they can help. But code analysis alone will not keep attackers, or the compliance XXXXXXXXXpolice, at bay. Copyright (c) 2007, CMP Media LLC. Important note: This PDF is provided solely as a reader service. It is not intended for reproduction or public distribution. For more information on obtaining a Reprint, please contact a Reprint Services Rep at 516.562.7026 or visit www.cmpreprints.com/faxback.jhtml And therein lies our most important point: A code scan- ner, no matter how effective, is only part of the answer. TECHNIQUES TO EVALUATE Without adequate developer training and an SDLC (soft- EFFECTIVENESS OF SECURITY ware development lifecycle) that makes security a priority, Security audits no tool will protect your network. Sound familiar? 82%82% by internal sta We’ve long advocated a defense-in-depth strategy that recognizes that there is no perimeter. Security groups have Penetration testing 66%66% implemented technologies like host intrusion prevention, NAC and database-extrusion prevention that seek to Automated tools 66% thwart attackers who have infiltrated outer lines of Security audits by 662%2% defense before they gain access to sensitive information. external organization E-mail monitoring But that’s no longer enough. It’s time for enterprise 61%61% soware IT to partner with in-house and contract developers to Web activity 58%58% make security Job 1. The application development group monitoring soware and the security group all sit under the CIO, so even though security pros typically have had a different None 5% world view from developers, who are mainly concerned SSourcource: CompCompututeerr SecuritySecurity Institute with providing the functionality requested by the busi- ness, political issues can be overcome. for developers and software-security pros. Claiming an IT generalist can operate a source-code scanner is akin A CHILD CAN USE IT. REALLY. to saying a person can use a spell checker on a foreign- Along with most every other IT vendor, makers of applica- language document when he understands neither the tion-security scanners are piling on the compliance gravy language nor the subject matter. These tools do provide train, claiming that everyone from QA managers to project defect-tracking features that are useful at many levels, leads will find their wares provide valuable insight. but all that is contingent on results first being reviewed This is marketing spin, not reality. These are tools by a security-knowledgeable developer. Ultimately, you can’t automate your way to secure THE COMPLIANCE software—any combination of analysis tools is only as PERSPECTIVE effective as the security knowledge of the user. As Michael Howard, co-author of Writing Secure Code (Microsoft Press, 2002) and one of the lead architects of SINCE 2000, regulatory compliance actions have Microsoft’s current security posture, put it in his blog: targeted companies for data spills linked to applica- “Not-so-knowledgeable-developer + great tools = mar- tion vulnerabilities. Currently, the Federal Trade ginally more secure code.” Producing applications that Commission Web site lists settlements made with can withstand attack mandates that developers make Guidance Software, DSW Inc. and a real estate fundamental adjustments to the SDLC. We recommend services company, Nations Holding Co. Could an taking advantage of documented processes, including automated scanning tool have helped these organ- Microsoft’s SDL (Security Development Lifecycle), The izations escape compliance liability? Open Web Application Security Project’s CLASP (Com- Not on their own, no. Merely remediating vali- prehensive Lightweight Application Security Process) dated hits from an automated code scanner doesn’t and general techniques available at the National Cyber constitute “reasonable” or “appropriate” applica- Security Division’s “Build Security In” portal. tion security measures. Think of it this way: If you Analysis technology is advancing rapidly as well, with don’t own a calculator, buying one may help you do every vendor constantly trying to leapfrog rivals. That’s your taxes, but it’s a stretch to point to your calcu- good for customers, but it makes for a dynamic market. lator during an audit. By the same token, if scan- This is one technology that absolutely requires a pilot ning alone fails to find large and obvious classes of test to ensure a specific automated source-code analyzer vulnerabilities—including the most critical ones— is the right choice for your applications and development then remediating based on the results of scanning environment. In “Code Scanners Run the Gauntlet” (find alone falls far short of compliance. For more, see it at nwcreports.com), we discuss breadth of languages, “Weak Application Security Equals Noncompliance,” platforms and development environments supported. at nwc.com/go/0416infoweek. —Dave Stampley, Think of an analysis tool as a multiplier: In the hands Neohapsis general council of security-conscious developers, and with appropriate supporting process, a good code analyzer can help your company produce much more secure software. However, Copyright (c) 2007, CMP Media LLC. Important note: This PDF is provided solely as a reader service. It is not intended for reproduction
Load more

Recommended publications
  • OS/2 Warp Catalogue
    The OS/2 Software Source: www.xeu.com/blueware/ The OS/2 Warp Catalogue The Hottest Java The Strongest Platform The OS/2 Warp Catalogue In This Catalogue Anti-virus .......................................... 4 Backup .............................................. 4 It’s Java Time CD-ROMs ........................................ 4 Communications ........................ 6 Just when you thought that OS/2 was on its way back, it is receiving a strong Database Management .......... 9 infusion from Java and the internet. Development Tools ................ 10 As Dr. Michael Cowpland, president and CEO of Corel Disk Compression .................. 14 Corporation put it: “This platform is indeed one of the Games & Entertainment ..... 19 OS/2 Warp: best operating system solutions in which to run The Hottest Corel Office for Java (http://officeforjava.corel.com/), Graphics & Multimedia ........ 20 a suite of applications that is setting the standard for The Operating System ......... 21 Java Around! Java-based office suites, and marks another milestone OS/2 Warp is developing in the evolution of Java as a whole.” Productivity ................................. 21 into a strong and speedy Programmer’s Editors .......... 23 foundation for Java. The OS/2 Warp 4.0 Java implementation was recently This perfect fit is nicely updated with a better Virtual Machine (VM) and a REXX Programming ................ 23 symbolized by “Carmen” speedy Just In Time (JIT) compiler. Also, even older OS/2 the two-sided coffee cup versions, including Warp 3.0, Warp Connect Utilities & Tools ........................ 24 by dutch ceramist Erik-Jan |and Warp Server are now fully able to suppport Java. Books ............................................. 28 Kwakkel on the cover page. But the great work does not end with that: you can Registration Service .............
    [Show full text]
  • Buyers Guide Product Listings
    BUYERS GUIDE PRODUCT LISTINGS Visual Studio Magazine Buyers’ Guide Product Listings The 2009 Visual Studio Magazine Buyers’ Guide listings comprise more than 700 individual products and services, ranging from developer tooling and UI components to Web hosting and instructor-led training. Included for each product is contact and pricing information. Keep in mind that many products come in multiple SKUs and with varied license options, so it’s always a good idea to contact vendors directly for specific pricing. The developer tools arena is a vast and growing space. As such, we’re always on the prowl for new tools and vendors. Know of a product our readers might want to learn more about? E-mail us at [email protected]. BUG & FEATURE TRACKING Gemini—CounterSoft Starts at $1189 • countersoft.com • +44 (0)1753 824000 Rational ClearQuest—IBM Rational Software $1,810 • ibm.com/rational • 888-426-3774 IssueNet Intercept—Elsinore Technologies Call for price • elsitech.com • 866-866-0034 FogBugz 7.0—Fog Creek Software $199 • fogcreek.com • 888-364-2849; 212-279-2076 SilkPerformer—Borland Call for price • borland.com • 800-632-2864; 512-340-2200 OnTime 2009 Professional—Axosoft Starts at $795 for five users • axosoft.com • 800-653-0024; SourceOffSite 4.2—SourceGear 480-362-1900 $239 • sourcegear.com • 217-356-0105 Alexsys Team 2.10—Alexsys Surround SCM 2009—Seapine Software Starts at $145 • alexcorp.com • 888-880-2539; 781-279-0170 Call for price • seapine.com • 888-683-6456; 513-754-1655 AppLife DNA—Kinetic Jump Software TeamInspector—Borland
    [Show full text]
  • 2008 BZ Research Eclipse Adoption Study
    5th Annual Eclipse Adoption Study November 2008 (With comparisons to November 2007, November 2006, November 2005 and September 2004 Studies) 7 High Street, Suite 407 Huntington, NY 11743 631-421-4158 www.bzresearch.com © BZ Research November 2008 Eclipse Adoption Study © BZ Research November 2008 Table of Contents Table of Contents................................................................................................................................................... 2 Methodology .......................................................................................................................................................... 4 Universe Selection ................................................................................................................................................. 6 Question 1. Do the developers within your organization use Eclipse or Eclipse-based tools? ........................ 7 Question 2. Which version(s) of Eclipse are you using? .................................................................................... 8 Question 3. How long have you been using Eclipse or Eclipse-based tools and technologies (either at work, or for your personal projects)?.............................................................................................................................. 9 Question 4. What type of software are you (or your organization) developing using Eclipse-based tools and technologies? (Note: OSI refers to Open Source Initiative, see www.opensource.org for more information.) ...............................................................................................................................................................................10
    [Show full text]
  • Introducción a Linux Equivalencias Windows En Linux Ivalencias
    No has iniciado sesión Discusión Contribuciones Crear una cuenta Acceder Página discusión Leer Editar Ver historial Buscar Introducción a Linux Equivalencias Windows en Linux Portada < Introducción a Linux Categorías de libros Equivalencias Windows en GNU/Linux es una lista de equivalencias, reemplazos y software Cam bios recientes Libro aleatorio análogo a Windows en GNU/Linux y viceversa. Ayuda Contenido [ocultar] Donaciones 1 Algunas diferencias entre los programas para Windows y GNU/Linux Comunidad 2 Redes y Conectividad Café 3 Trabajando con archivos Portal de la comunidad 4 Software de escritorio Subproyectos 5 Multimedia Recetario 5.1 Audio y reproductores de CD Wikichicos 5.2 Gráficos 5.3 Video y otros Imprimir/exportar 6 Ofimática/negocios Crear un libro 7 Juegos Descargar como PDF Versión para im primir 8 Programación y Desarrollo 9 Software para Servidores Herramientas 10 Científicos y Prog s Especiales 11 Otros Cambios relacionados 12 Enlaces externos Subir archivo 12.1 Notas Páginas especiales Enlace permanente Información de la Algunas diferencias entre los programas para Windows y y página Enlace corto GNU/Linux [ editar ] Citar esta página La mayoría de los programas de Windows son hechos con el principio de "Todo en uno" (cada Idiomas desarrollador agrega todo a su producto). De la misma forma, a este principio le llaman el Añadir enlaces "Estilo-Windows". Redes y Conectividad [ editar ] Descripción del programa, Windows GNU/Linux tareas ejecutadas Firefox (Iceweasel) Opera [NL] Internet Explorer Konqueror Netscape /
    [Show full text]
  • Creating Telephony Applications for Both Windows® and Linux
    Application Note Dialogic Research, Inc. Dual OS Applications Creating Telephony Applications for Both Windows® and Linux: Principles and Practice Application Note Creating Telephony Applications for Both Windows® and Linux: Principles and Practice Executive Summary To help architects and programmers who only have experience in a Windows® environment move their telephony applications to Linux, this application note provides information that aims to make the transition easier. At the same time, it takes into account that the original code for Windows may not be abandoned. The ultimate goal is to demonstrate how to create flexible OS-agnostic telephony applications that are easy to build, deploy, and maintain in either environment. Creating Telephony Applications for Both Windows® and Linux: Principles and Practice Application Note Table of Contents Introduction .......................................................................................................... 2 Moving to a Dual Operating System Environment ................................................. 2 CMAKE ......................................................................................................... 2 Boost Jam .................................................................................................... 2 Eclipse .......................................................................................................... 3 Visual SlickEdit ............................................................................................. 3 Using Open Source Portable
    [Show full text]
  • Slickedit Plug-In for Eclipse V3.2 User Guide
    SlickEdit® Plug-In v3.3 for Eclipse™ SlickEdit® Plug-In v3.3 for Eclipse™ Information in this documentation is subject to change without notice and does not represent a commitment on the part of SlickEdit Inc. The software described in this document is protected by U.S. and international copyright laws and by other applicable laws, and may be used or copied only in accordance with the terms of the license or nondisclosure agreement that accompanies the software. It is against the law to copy the software on any medium except as specifically allowed in the license or nondisclosure agreement. The licensee may make one copy of the software for backup purposes. No part of this documentation may be reproduced or trans- mitted in any form or by any means, electronic or mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose other than the licensee's personal use, without the express written permission of SlickEdit Inc. Copyright 1988-2007 SlickEdit Inc. SlickEdit, Visual SlickEdit, Clipboard Inheritance, DIFFzilla, SmartPaste, Context Tagging, and Slick-C are registered trademarks of SlickEdit Inc. Code Quick | Think Slick is a trademark of SlickEdit Inc. All other products or company names are used for identifica- tion purposes only and may be trademarks of their respective owners. Protected by U.S. Patent 5,710,926. Table of Contents 1. Introduction ................................................................................................................... 1 How to Get the Most out
    [Show full text]
  • Slickedit® Core V3.7 for Eclipse™
    SlickEdit® Core v3.7 for Eclipse™ All editors are not created equal. At SlickEdit, our belief is that it’s the code that really matters. SlickEdit Core is designed for power programmers by power programmers. We take great pride in delivering unparalleled power, speed, and flexibility to our customers. Our goal is to remove the tedious tasks involved with programming, allowing you to focus on the reason you first got into programming: the thrill of writing great code. Use SlickEdit Core to write more code in less time. Cool Features Code Navigation • Type fewer characters and make fewer Use Ctrl+Dot to jump from a symbol to its definition. Use Ctrl+/ to list all errors using syntax expansion, completions, of the references for the current symbol and optionally jump to the first aliases, and code templates. reference. • Context Tagging ® builds a database of your Preview View symbols, allowing you to quickly navigate Displays the definition of the current symbol in the editor window, SPEED SPEED from a symbol to its definition or references allowing you to see the definition without having to open a separate without searching. buffer. • Use commands and key bindings to keep your hands on the keyboard for maximum References View Displays the list of references for a symbol. Use a single keystroke to productivity. open the References view for the current symbol, or you can type or select a symbol in the Symbol drop-down list. Syntax Expansion Expands common block structures ( if , for , try , etc.) when the initial keyword is typed. SlickEdit Core provides the power to work Surround With with your real-world projects.
    [Show full text]
  • Slick-C Macro Programming Guide
    ® Slick-C Macro Programming Guide for SlickEdit 2008 Information in this documentation is subject to change without notice and does not represent a commitment on the part of SlickEdit Inc. The software described in this documentation is protected by U.S. and international copyright laws and by other applicable laws, and may be used or copied only in accordance with the terms of the license or nondisclosure agreement that accompanies the software. It is against the law to copy the software on any medium except as specifically allowed in the license or nondisclosure agreement. The licensee may make one copy of the software for backup purposes. No part of this documentation may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose other than the licensee's personal use, without the express written permission of SlickEdit Inc. Copyright 1988-2008 SlickEdit Inc. Cover design copyright by SlickEdit Inc. Produced in the United States of America. SlickEdit, Visual SlickEdit, Clipboard Inheritance, DIFFzilla, SmartPaste, Context Tagging, Slick-C, and Code Quick | Think Slick are registered trademarks of SlickEdit Inc. All other products or company names are used for identification purposes only and may be trademarks of their respective owners. Protected by U.S. Patent 5,710,926. SE-1301-061108 TABLE OF CONTENTS Table of Contents Table of Contents 3 Welcome 9 Getting Help 9 Documentation 9 Product Support 9 Other Resources
    [Show full text]
  • Introducing Adafruit Pygamer Created by Kattni Rembor
    Introducing Adafruit PyGamer Created by Kattni Rembor Last updated on 2021-04-26 11:49:30 AM EDT Guide Contents Guide Contents 2 Overview 7 Which Board? 11 Similarities 11 Differences between PyGamer and PyBadge/PyBadge LC 11 Differences between PyBadge & PyBadge LC 11 Comparison Table 11 Update the PyGamer Bootloader 15 Updating Your PyGamer Bootloader 15 Oh no, I updated MacOS already and I can't see the boot drive! 17 Pinouts 18 Microcontroller and Flash 18 Power 19 Display 19 Build the PyGamer Case 24 Prep 25 Paper Protection 26 Speaker 27 Battery 28 Button Caps 29 Case Layers 30 Spacers 31 Backing 31 Fasteners 32 Load a MakeCode Game on PyGamer/PyBadge 35 Board Definition 36 Change Board screen 36 Bootloader Mode 37 Drag and Drop 38 Play! 38 CircuitPython 39 Set up CircuitPython Quick Start! 39 Further Information 39 Installing Mu Editor 41 Download and Install Mu 41 Using Mu 41 Creating and Editing Code 43 Creating Code 43 Editing Code 45 Your code changes are run as soon as the file is done saving. 45 1. Use an editor that writes out the file completely when you save it. 46 2. Eject or Sync the Drive After Writing 47 Oh No I Did Something Wrong and Now The CIRCUITPY Drive Doesn't Show Up!!! 47 Back to Editing Code... 47 Exploring Your First CircuitPython Program 47 Imports & Libraries 48 Setting Up The LED 48 Loop-de-loops 48 What Happens When My Code Finishes Running? 49 What if I don't have the loop? 49 © Adafruit Industries https://learn.adafruit.com/adafruit-pygamer Page 2 of 129 More Changes 49 Naming Your Program File 50 Connecting
    [Show full text]
  • IT CV for Claus Stovgaard
    C u r r i c u l um V i t a e IT expertise This support CV, gives a more detailed overview of my R&D and IT expertise. Any questions can be addressed to my mail address [email protected] My primary focus is firmware programming and design for embedded systems. The link between an input from the physical world through a sensor, reacting on this and bringing the result back to the physical world. This task will typical contain one or more connections to high level database systems. I target a solution where software design parameters like stability, flexibility, readability, maintenance and extension possibility is integrated with the maximum performance from the hardware. I prefer the agile development approach combined with tools like git for version control, Jenkins for CI and Google Mock / Google Test for unit testing. I believe in using opensource components to help accelerate development and contribute to upstream projects. Based on this have I changed my position more and more to become an embedded Linux architect. Next to my education, I have been working with system-administration for several years, including both server and network administration. Programming Language Years of experience Level C++ 10 High C 8 High Shell scripting (primarily BASH) 6 High LATEX 3 High VHDL 3 Medium Matlab / SciLab 3 Medium Perl 3 Medium Java 2 Medium Web: (X)HTML, CSS, JavaScript, PHP 5 Medium Python 3 Medium Assembler (eZ8, PIC, ARM7) 3 Low I currently prefer C++ as system language combined with Python for scripting / glue code. Operating systems System Years of experience Level Linux generally 14 High Gentoo 14 High Ubuntu/Debian 9 High Windows generally 18 High OS X 6 High eCos 1 Low QNX 1 Low My primary platform is Linux, as in my experince it supports development and system admi- nistration best.
    [Show full text]
  • Marketing Update
    Marketing Update Ian Skerrett Members Meeting October 27, 2004 August 3, 2004 Confidential | Date | Other Information, if necessary © 2002 IBM Corporation Success in Numbers ° Total number of members: 75 ° Strategic: 9 ° Add-in Provider: 59 ° Associate: 9 ° Number of open source projects: 34 ° Number of third party plug-ins: 640+ ° Number of books published about Eclipse: 19 (NetBeans 1) ° Number of books that mention Eclipse Java: 3,151 (Source: Amazon) ° Google hits for Eclipse Java: 1,600,000 (NetBeans java 170,000) ° Google hits for Eclipse RCP: 30,500 ° Eclipse related projects listed on SourceForge: 400+ (NetBeans 25) ° Hit to Eclipse Download server, not including mirrors (August 2004): 38 million ° Number of mirrors worldwide hosting Eclipse downloads: 37 in 22 countries Eclipse Community | information provided by the Eclipse Foundation SD Times Spotlight on Eclipse ° 17 Companies featured in special Eclipse supplement in SD Times Dec 1 issue. Agitar (Platinum) Aonix Catalyst Exadel (Gold) Hewlett-Packard IBM Inoopract Instantations Intel M1 Global M7 Mentor Graphics (Diamond) Parasoft (Gold) Perforce RTI SlickEdit WindRiver (Gold) ° Short window of time to still participate. Contact Ted Bahr, BZ Media or Ian Skerrett Eclipse Community | information provided by the Eclipse Foundation New Logos and Wordmark ° Original logo remains main identifier of Eclipse ° New logos being introduce to support the brand Eclipse ° New logos will be supported by Trademark Usage Guidelines Eclipse Community | information provided by the Eclipse
    [Show full text]
  • Vim Emulation
    www.slickedit.com Vim Emulation Visual mode only (leave cursor after new text) gP Cursor Movement Select a word aw Command mode only Copy text to clipboard y Cursor left Left arrow, Ctrl+J Select inner word iw Search forward (accomodates multipliers) / Copy selection to clipboard (visual) y Cursor right Right arrow, Ctrl+L Select |WORD| aW Search backward (accomodates multipliers) ? Copy line to clipboard Y Cursor up Up arrow, Ctrl+I Select inner |WORD| iW Forward repeat last search n Cursor down Down arrow, Ctrl+K Select a sentence as Backward repeat last search N Top of buffer Ctrl+Home, Ctrl+X Ctrl+U Select inner sentence is Forward character search f Command Line/Text Box Bottom of buffer Ctrl+End, Ctrl+X Ctrl+J Select a paragraph ap Backward character search F Begin line Home Editing Select inner paragraph ip Move cursor up to character t The following keys are different in all Text End line End, Ctrl+O Select a block ab Move cursor backward after character T Page up PgUp, Ctrl+B Boxes except the command line if the Select inner block ib Repeat character search ; CUA Text Box check box is enabled Page down PgDn, Ctrl+F Select a Block aB Reverse repeat character search , Previous word Ctrl+Left (Tools > Options > Redefine Select inner Block iB Set bookmark m Common Keys): Next word Ctrl+Right Top of window Ctrl+PgUp Cut selection Ctrl+X Bottom of window Ctrl+PgDn Inserting Text Selection Copy selection to clipboard Ctrl+C Indent to next tab stop Tab Quote next character typed Ctrl+V Select character/stream Alt+Z Paste Ctrl+V Indent
    [Show full text]