Flylib.com
Writing Secure Code
ISBN: 71626751
EAN: 2147483647
Year: 2003
Pages: 239
Authors: Michael Howard, David LeBlanc
19 Deadly Sins of Software Security: Programming Flaws and How to Fix Them
Back Cover
About
Foreword
Introduction
Who Should Read this Book
What You Should Read
Sin 1: Buffer Overruns
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 2: Format String Problems
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 3: Integer Overflows
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 4: SQL Injection
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 5: Command Injection
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 6: Failing to Handle Errors
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sin
Redemption Steps
Other Resources
Summary
Sin 7: Cross-Site Scripting
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 8: Failing to Protect Network Traffic
Affected Languages
The Sin Explained
Related Sins
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 9: Use of Magic URLs and Hidden Form Fields
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 10: Improper Use of SSL and TLS
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 11: Use of Weak Password-Based Systems
Affected Languages
The Sin Explained
Related Sins
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 12: Failing to Store and Protect Data Securely
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 13: Information Leakage
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 14: Improper File Access
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 15: Trusting Network Name Resolution
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Other Resources
Summary
Sin 16: Race Conditions
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 17: Unauthenticated Key Exchange
Affected Languages
The Sin Explained
Related Sins
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 18: Cryptographically Strong Random Numbers
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 19: Poor Usability
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Other Resources
Summary
Appendix A: Mapping the 19 Deadly Sins to the OWASP Top Ten
Appendix B: Summary of Dos and Don'ts
Sin 2: Format String Problems Summary
Sin 3: Integer Overflows Summary
Sin 4: SQL Injection Summary
Sin 5: Command Injection Summary
Sin 6: Failing to Handle Errors Summary
Sin 7: Cross-Site Scripting Summary
Sin 8: Failing to Protect Network Traffic Summary
Sin 9: Use of Magic URLs and Hidden Form Fields Summary
Sin 10: Improper Use of SSL and TLS Summary
Sin 11: Use of Weak Password-Based Systems Summary
Sin 12: Failing to Store and Protect Data Securely Summary
Sin 13: Information Leakage Summary
Sin 14: Improper File Access Summary
Sin 15: Trusting Network Name Resolution Summary
Sin 16: Race Conditions Summary
Sin 17: Unauthenticated Key Exchange Summary
Sin 18: Cryptographically Strong Random Numbers Summary
Sin 19: Poor Usability Summary
List of Figures
List of Tables
List of Sidebars
flylib.com © 2008-2017.