Flylib.com
Writing Secure Code
Writing Secure Code
ISBN: 71626751
EAN: 2147483647
Year: 2003
Pages: 239
Authors:
Michael Howard
,
David LeBlanc
BUY ON AMAZON
19 Deadly Sins of Software Security: Programming Flaws and How to Fix Them
Back Cover
About
Foreword
Introduction
Who Should Read this Book
What You Should Read
Sin 1: Buffer Overruns
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 2: Format String Problems
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 3: Integer Overflows
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 4: SQL Injection
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 5: Command Injection
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 6: Failing to HandleErrors
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sin
Redemption Steps
Other Resources
Summary
Sin 7: Cross-Site Scripting
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 8: Failing to Protect Network Traffic
Affected Languages
The Sin Explained
Related Sins
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 9: Use of Magic URLs and Hidden Form Fields
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 10: Improper Use ofSSLandTLS
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 11: Use of Weak Password-Based Systems
Affected Languages
The Sin Explained
Related Sins
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 12: Failing to Store and Protect Data Securely
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 13: Information Leakage
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 14: Improper File Access
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 15: Trusting Network Name Resolution
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Other Resources
Summary
Sin 16: Race Conditions
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 17: Unauthenticated KeyExchange
Affected Languages
The Sin Explained
Related Sins
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 18: Cryptographically Strong Random Numbers
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 19: Poor Usability
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Other Resources
Summary
Appendix A: Mapping the 19 Deadly Sins to the OWASP Top Ten
Appendix B: Summary of Dos andDonts
Sin 2: Format String Problems Summary
Sin 3: Integer Overflows Summary
Sin 4: SQL Injection Summary
Sin 5: Command Injection Summary
Sin 6: Failing to Handle Errors Summary
Sin 7: Cross-Site Scripting Summary
Sin 8: Failing to Protect Network TrafficSummary
Sin 9: Use of Magic URLs and Hidden Form FieldsSummary
Sin 10: Improper Use of SSL and TLS Summary
Sin 11: Use of Weak Password-Based SystemsSummary
Sin 12: Failing to Store and Protect Data Securely Summary
Sin 13: Information Leakage Summary
Sin 14: Improper File Access Summary
Sin 15: Trusting Network Name ResolutionSummary
Sin 16: Race Conditions Summary
Sin 17: Unauthenticated Key ExchangeSummary
Sin 18: Cryptographically Strong Random Numbers Summary
Sin 19: Poor Usability Summary
List of Figures
List of Tables
List of Sidebars
Writing Secure Code
ISBN: 71626751
EAN: 2147483647
Year: 2003
Pages: 239
Authors:
Michael Howard
,
David LeBlanc
BUY ON AMAZON
Software Configuration Management
A Practical Approach to Documentation and Configuration Status Accounting
Metrics and Configuration Management Reference
Appendix M Problem Report (PR)
Appendix T Software Configuration Management Plan (SCMP)
Appendix V Functional Configuration Audit (FCA) Checklist
WebLogic: The Definitive Guide
EJBs and Transactions
Node Manager
Monitoring a WebLogic Domain
Miscellaneous Extensions
Using the SNMP Agent
Cisco Voice Gateways and Gatekeepers
Connecting to PBXs
DSP Resources
CallManager and Gatekeepers
Quantitative Methods in Project Management
Project Value: The Source of all Quantitative Measures
Organizing and Estimating the Work
Expense Accounting and Earned Value
Special Topics in Quantitative Management
Quantitative Methods in Project Contracts
MPLS Configuration on Cisco IOS Software
TE Basics
Implementing Layer 3 VPNs over L2TPv3 Tunnels
Hierarchical VPLS-Distributed PE Architecture
Implementing Quality of Service in MPLS Networks
Case Study 5: Implementing Dynamic Layer 3 VPNs Using mGRE Tunnels
VBScript in a Nutshell, 2nd Edition
Functions and Procedures
Error Handling
The Form-Based Development Environment
Section A.14. Program Structure and Flow
Section B.3. Date and Time Constants
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy
This website uses cookies. Click
here
to find out more.
Accept cookies