| This essential book for all software developers--regardless of platform, language, or type of application--outlines the 19 deadly sins of software security and shows how to fix each one. Best-selling authors Michael Howard and David LeBlanc, who teach Microsoft employees how to secure code, have partnered with John Viega, the man who uncovered the 19 deadly programming sins to write this much-needed book. Coverage includes: - Windows, UNIX, Linux, and Mac OS X
- C, C++, C#, Java, PHP, Perl, and Visual Basic
- Web, small client, and smart-client applications
About the Authors Michael Howard is a senior security program manager in the security engineering group at Microsoft Corp., and is coauthor of the award-winning Writing Secure Code . He is a coauthor of the Basic Training column in IEEE Security& Privacy Magazine and a coauthor of the National Cyber Security Partnership task forces Processes to Produce Secure Software document for the Department of Homeland Security. As an architect of Microsofts Security Development Lifecycle, Michael spends most of his time defining and enforcing security best practice and software development process improvements to deliver more secure software to normal humans . David LeBlanc, Ph.D., is currently Chief Software Architect for Webroot Software. Prior to joining Webroot, he served as security architect for Microsofts Office division, was a founding member of the Trustworthy Computing initiative, and worked as a white-hat hacker in Microsofts network security group. David is also the coauthor of Writing Secure Code and Assessing Network Security , as well as numerous articles. John Viega is the original author of the 19 deadly programming flaws that received press and media attention, and this book is based on his discoveries. He is the founder and CTO of Secure Software. He co- authored the first book on software security, Building Secure Software , and also co-authored Network Security and Cryptography with OpenSSL and the Secure Programming Cookbook . He is the primary author of the CLASP process for introducing security into the development lifecycle, and is responsible for several open source software security tools. John has been an adjunct professor of computer science at Virginia Tech and Senior Policy Researcher at the Cyberspace Policy Institute. John is also a well-known researcher in software security and cryptography, and works on standards for secure networking and software security. |
