Wednesday, January 7, 2009

19 Deadly Sins of Software Security (Security One-off)

“Ninety-five percent of software bugs are caused by the same 19 programming flaws.” —Amit Yoran, Former Director of The Department of Homeland Security’s National Cyber Security Division

Secure your software by eliminating code vulnerabilities from the start. This essential book for all software developers, regardless of platform, language, and type of application, outlines the 19 sins of software security and shows how to fix each one. Best-selling authors Michael Howard and David LeBlanc, who teach Microsoft employees how to write secure code, have partnered with John Viega, the man who uncovered the 19 deadly programming sins, to write this hands-on guide. Detailed code examples throughout show the code defects as well as the fixes and defenses. If you write code, you need this book. Eliminate these security flaws from your code:

Buffer overruns

Format string problems

Integer overflows

SQL injection

Command injection

Failure to handle errors

Cross-site scripting

Failure to protect network traffic

Use of magic URLs and hidden forms

Improper use of SSL

Use of weak password-based systems

Failure to store and protect data securely

Information leakage

Trusting network address resolution

Improper file access

Race conditions

Unauthenticated key exchange

Failure to use cryptographically strong random numbers

Poor usability