24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them
by: Michael Howard, David LeBlanc, John Viega
Abstract: A fully revised and updated security bestseller, complete with five new sins. Michael Howard and David LeBlanc, who teach Microsoft employees and the world how to secure code, have partnered again with John Viega, who uncovered the original 19 deadly programming sins. They have completely updated their book to address the most recent vulnerabilities and have added five brand-new sins affecting mobile devices. 24 Deadly Sins of Software Security reveals the most common security coding errors and explains how to fix each one, or better yet, avoid them from the start. Essential for all software developers, the book covers all platforms, languages, and types of applications. "Ninety-five percent of software bugs are caused by the same 19 programming flaws." – Amit Yoran, Former Director, Department of Homeland Security's National Cyber Security Division.
Table of Contents
- A. ABOUT THE AUTHORS
- B. FOREWORD
- C. ACKNOWLEDGMENTS
- D. INTRODUCTION
- 1. SQL INJECTION
- 2. WEB SERVER–RELATED VULNERABILITIES (XSS, XSRF, AND RESPONSE SPLITTING)
- 3. WEB CLIENT–RELATED VULNERABILITIES (XSS)
- 4. USE OF MAGIC URLS, PREDICTABLE COOKIES, AND HIDDEN FORM FIELDS
- 5. BUFFER OVERRUNS
- 6. FORMAT STRING PROBLEMS
- 7. INTEGER OVERFLOWS
- 8. C++ CATASTROPHES
- 9. CATCHING EXCEPTIONS
- 10. COMMAND INJECTION
- 11. FAILURE TO HANDLE ERRORS CORRECTLY
- 12. INFORMATION LEAKAGE
- 13. RACE CONDITIONS
- 14. POOR USABILITY
- 15. NOT UPDATING EASILY
- 16. EXECUTING CODE WITH TOO MUCH PRIVILEGE
- 17. FAILURE TO PROTECT STORED DATA
- 18. THE SINS OF MOBILE CODE
- 19. USE OF WEAK PASSWORD-BASED SYSTEMS
- 20. WEAK RANDOM NUMBERS
- 21. USING THE WRONG CRYPTOGRAPHY
- 22. FAILING TO PROTECT NETWORK TRAFFIC
- 23. IMPROPER USE OF PKI, ESPECIALLY SSL
- 24. TRUSTING NETWORK NAME RESOLUTION
Book Details
Title: 24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them
Publisher: McGraw-Hill Professional (New York, Chicago, San Francisco, Lisbon, London, Madrid, Mexico City, Milan, New Delhi, San Juan, Seoul, Singapore, Sydney, Toronto)
Copyright / Pub. Date: 2010 The McGraw-Hill Companies
ISBN: 9780071626750
Authors: Michael Howard, David LeBlanc, John Viega
