24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them

Michael Howard, John Viega


"What makes this book so important is that it reflects the experiences of two of the industry's most experienced hands at getting real-world engineers to understand just what they're being asked for when they're asked to write secure code. The book reflects Michael Howard's and David LeBlanc's experience in the trenches working with developers years after code was long since shipped, informing them of problems." --From the Foreword by Dan Kaminsky, Director of Penetration Testing, IOActive

Eradicate the Most Notorious Insecure Designs and Coding Vulnerabilities

Fully updated to cover the latest security issues, 24 Deadly Sins of Software Security reveals the most common design and coding errors and explains how to fix each one, or better yet, avoid them from the start. Michael Howard and David LeBlanc, who teach Microsoft employees and the world how to secure code, have partnered again with John Viega, who uncovered the original 19 deadly programming sins. They have completely revised the book to address the most recent vulnerabilities and have added five brand-new sins. This practical guide covers all platforms, languages, and types of applications. Eliminate these security flaws from your code:

  • SQL injection
  • Web server- and client-related vulnerabilities
  • Use of magic URLs, predictable cookies, and hidden form fields
  • Buffer overruns
  • Format string problems
  • Integer overflows
  • C++ catastrophes
  • Insecure exception handling
  • Command injection
  • Failure to address errors
  • Information leakage
  • Race conditions
  • Poor usability
  • Not updating easily
  • Executing code with an excessive amount of privilege
  • Failure to protect stored data
  • Insecure mobile code
  • Use of weak password-based systems
  • Weak random numbers
  • Using cryptography incorrectly
  • Failing to protect network traffic
  • Improper use of PKI
  • Trusting network name resolution
