Flylib.com
.NODE
Writing Secure Code
Writing Secure Code
ISBN: 71626751
EAN: 2147483647
Year: 2003
Pages: 239
Authors:
Michael Howard
,
David LeBlanc
BUY ON AMAZON
19 Deadly Sins of Software Security: Programming Flaws and How to Fix Them
Back Cover
About
Foreword
Introduction
Who Should Read this Book
What You Should Read
Sin 1: Buffer Overruns
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 2: Format String Problems
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 3: Integer Overflows
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 4: SQL Injection
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 5: Command Injection
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 6: Failing to HandleErrors
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sin
Redemption Steps
Other Resources
Summary
Sin 7: Cross-Site Scripting
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 8: Failing to Protect Network Traffic
Affected Languages
The Sin Explained
Related Sins
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 9: Use of Magic URLs and Hidden Form Fields
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 10: Improper Use ofSSLandTLS
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 11: Use of Weak Password-Based Systems
Affected Languages
The Sin Explained
Related Sins
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 12: Failing to Store and Protect Data Securely
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 13: Information Leakage
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 14: Improper File Access
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 15: Trusting Network Name Resolution
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Other Resources
Summary
Sin 16: Race Conditions
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 17: Unauthenticated KeyExchange
Affected Languages
The Sin Explained
Related Sins
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 18: Cryptographically Strong Random Numbers
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 19: Poor Usability
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Other Resources
Summary
Appendix A: Mapping the 19 Deadly Sins to the OWASP Top Ten
Appendix B: Summary of Dos andDonts
Sin 2: Format String Problems Summary
Sin 3: Integer Overflows Summary
Sin 4: SQL Injection Summary
Sin 5: Command Injection Summary
Sin 6: Failing to Handle Errors Summary
Sin 7: Cross-Site Scripting Summary
Sin 8: Failing to Protect Network TrafficSummary
Sin 9: Use of Magic URLs and Hidden Form FieldsSummary
Sin 10: Improper Use of SSL and TLS Summary
Sin 11: Use of Weak Password-Based SystemsSummary
Sin 12: Failing to Store and Protect Data Securely Summary
Sin 13: Information Leakage Summary
Sin 14: Improper File Access Summary
Sin 15: Trusting Network Name ResolutionSummary
Sin 16: Race Conditions Summary
Sin 17: Unauthenticated Key ExchangeSummary
Sin 18: Cryptographically Strong Random Numbers Summary
Sin 19: Poor Usability Summary
List of Figures
List of Tables
List of Sidebars
Writing Secure Code
ISBN: 71626751
EAN: 2147483647
Year: 2003
Pages: 239
Authors:
Michael Howard
,
David LeBlanc
BUY ON AMAZON
Similar book on Amazon
Identifying and Managing Project Risk: Essential Tools for Failure-Proofing Your Project
Code Complete: A Practical Handbook of Software Construction, Second Edition
Software Security: Building Security In
24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them
Introducing Microsoft Office InfoPath 2003 (Bpg-Other)
Database Modeling with MicrosoftВ® Visio for Enterprise Architects (The Morgan Kaufmann Series in Data Management Systems)
Configuring, Manipulating, and Reusing ORM Models
Reverse Engineering and Importing to ORM
Conceptual Model Reports
Generating a Physical Database Schema
Other Features and Best Practices
ERP and Data Warehousing in Organizations: Issues and Challenges
ERP Systems Impact on Organizations
ERP System Acquisition: A Process Model and Results From an Austrian Survey
The Second Wave ERP Market: An Australian Viewpoint
Intrinsic and Contextual Data Quality: The Effect of Media and Personal Involvement
Relevance and Micro-Relevance for the Professional as Determinants of IT-Diffusion and IT-Use in Healthcare
Cisco IP Communications Express: CallManager Express with Cisco Unity Express
Cisco IPC Express Architecture Overview
Caller Features
Troubleshooting Installation Problems
Appendix A. Cisco IPC Express Features, Releases, and Ordering Information
Table vm_mbxusers
Google Maps Hacks: Tips & Tools for Geographic Searching and Remixing
Hack 6. Share Google Maps
Hack 15. Map a Slideshow of Your Travels
Hack 26. Follow Your Packets Across the Internet
Hack 27. Add Google Maps to Any Web Site
Hacks 5161: Introduction
InDesign Type: Professional Typography with Adobe InDesign CS2
Readability
Leading Menu Options and Keyboard Shortcuts
Centering Type
Align to Grid
Up Next
What is Lean Six Sigma
The Four Keys to Lean Six Sigma
Key #3: Work Together for Maximum Gain
Key #4: Base Decisions on Data and Facts
Making Improvements That Last: An Illustrated Guide to DMAIC and the Lean Six Sigma Toolkit
Six Things Managers Must Do: How to Support Lean Six Sigma
Flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy