Flylib.com
Writing Secure Code
Writing Secure Code
ISBN: 71626751
EAN: 2147483647
Year: 2003
Pages: 239
Authors:
Michael Howard
,
David LeBlanc
BUY ON AMAZON
19 Deadly Sins of Software Security: Programming Flaws and How to Fix Them
Back Cover
About
Foreword
Introduction
Who Should Read this Book
What You Should Read
Sin 1: Buffer Overruns
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 2: Format String Problems
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 3: Integer Overflows
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 4: SQL Injection
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 5: Command Injection
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 6: Failing to HandleErrors
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sin
Redemption Steps
Other Resources
Summary
Sin 7: Cross-Site Scripting
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 8: Failing to Protect Network Traffic
Affected Languages
The Sin Explained
Related Sins
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 9: Use of Magic URLs and Hidden Form Fields
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 10: Improper Use ofSSLandTLS
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 11: Use of Weak Password-Based Systems
Affected Languages
The Sin Explained
Related Sins
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 12: Failing to Store and Protect Data Securely
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 13: Information Leakage
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 14: Improper File Access
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 15: Trusting Network Name Resolution
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Other Resources
Summary
Sin 16: Race Conditions
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 17: Unauthenticated KeyExchange
Affected Languages
The Sin Explained
Related Sins
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 18: Cryptographically Strong Random Numbers
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 19: Poor Usability
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Other Resources
Summary
Appendix A: Mapping the 19 Deadly Sins to the OWASP Top Ten
Appendix B: Summary of Dos andDonts
Sin 2: Format String Problems Summary
Sin 3: Integer Overflows Summary
Sin 4: SQL Injection Summary
Sin 5: Command Injection Summary
Sin 6: Failing to Handle Errors Summary
Sin 7: Cross-Site Scripting Summary
Sin 8: Failing to Protect Network TrafficSummary
Sin 9: Use of Magic URLs and Hidden Form FieldsSummary
Sin 10: Improper Use of SSL and TLS Summary
Sin 11: Use of Weak Password-Based SystemsSummary
Sin 12: Failing to Store and Protect Data Securely Summary
Sin 13: Information Leakage Summary
Sin 14: Improper File Access Summary
Sin 15: Trusting Network Name ResolutionSummary
Sin 16: Race Conditions Summary
Sin 17: Unauthenticated Key ExchangeSummary
Sin 18: Cryptographically Strong Random Numbers Summary
Sin 19: Poor Usability Summary
List of Figures
List of Tables
List of Sidebars
Writing Secure Code
ISBN: 71626751
EAN: 2147483647
Year: 2003
Pages: 239
Authors:
Michael Howard
,
David LeBlanc
BUY ON AMAZON
Qshell for iSeries
Running Qshell
The EDTF Text Editor
Additional Control Structures
The Perl Utility
C and C++ Development Tools
A+ Fast Pass
Domain 1 Installation, Configuration, and Upgrading
Domain 3 Preventive Maintenance
Domain 4 Motherboard/Processors/Memory
Domain 6 Basic Networking
Domain 1 Operating System Fundamentals
Professional Java Native Interfaces with SWT/JFace (Programmer to Programmer)
Basic SWT Widgets
Combos and Lists
Drag and Drop and the Clipboard
Printing
JFace Windows and Dialogs
Visual C# 2005 How to Program (2nd Edition)
Wrap-Up
(Optional) Software Engineering Case Study: Identifying Class Operations in the ATM System
Wrap-Up
ListView Control
Wrap-Up
Google Maps Hacks: Tips & Tools for Geographic Searching and Remixing
Hack 22. Witness the Effects of a Nuclear Explosion
Hack 30. Stay Out of Traffic Jams
Hacks 4250: Introduction
Hack 54. Add a Nicer Info Window to Your Map with TLabel
Hack 61. Use the Right Developers Key Automatically
Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance
General Packet Radio Service Tunneling Protocol
Transparent Firewalls
Failover and Redundancy
Additional IPS Features
Configuring the Cisco ASA to Accept Remote-Access VPN Clients Using Certificates
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy
This website uses cookies. Click
here
to find out more.
Accept cookies