Flylib.com
Writing Secure Code
Writing Secure Code
ISBN: 71626751
EAN: 2147483647
Year: 2003
Pages: 239
Authors:
Michael Howard
,
David LeBlanc
BUY ON AMAZON
19 Deadly Sins of Software Security: Programming Flaws and How to Fix Them
Back Cover
About
Foreword
Introduction
Who Should Read this Book
What You Should Read
Sin 1: Buffer Overruns
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 2: Format String Problems
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 3: Integer Overflows
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 4: SQL Injection
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 5: Command Injection
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 6: Failing to HandleErrors
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sin
Redemption Steps
Other Resources
Summary
Sin 7: Cross-Site Scripting
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 8: Failing to Protect Network Traffic
Affected Languages
The Sin Explained
Related Sins
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 9: Use of Magic URLs and Hidden Form Fields
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 10: Improper Use ofSSLandTLS
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 11: Use of Weak Password-Based Systems
Affected Languages
The Sin Explained
Related Sins
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 12: Failing to Store and Protect Data Securely
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 13: Information Leakage
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 14: Improper File Access
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 15: Trusting Network Name Resolution
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Other Resources
Summary
Sin 16: Race Conditions
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 17: Unauthenticated KeyExchange
Affected Languages
The Sin Explained
Related Sins
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 18: Cryptographically Strong Random Numbers
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Extra Defensive Measures
Other Resources
Summary
Sin 19: Poor Usability
Affected Languages
The Sin Explained
Spotting the Sin Pattern
Spotting the Sin During Code Review
Testing Techniques to Find the Sin
Example Sins
Redemption Steps
Other Resources
Summary
Appendix A: Mapping the 19 Deadly Sins to the OWASP Top Ten
Appendix B: Summary of Dos andDonts
Sin 2: Format String Problems Summary
Sin 3: Integer Overflows Summary
Sin 4: SQL Injection Summary
Sin 5: Command Injection Summary
Sin 6: Failing to Handle Errors Summary
Sin 7: Cross-Site Scripting Summary
Sin 8: Failing to Protect Network TrafficSummary
Sin 9: Use of Magic URLs and Hidden Form FieldsSummary
Sin 10: Improper Use of SSL and TLS Summary
Sin 11: Use of Weak Password-Based SystemsSummary
Sin 12: Failing to Store and Protect Data Securely Summary
Sin 13: Information Leakage Summary
Sin 14: Improper File Access Summary
Sin 15: Trusting Network Name ResolutionSummary
Sin 16: Race Conditions Summary
Sin 17: Unauthenticated Key ExchangeSummary
Sin 18: Cryptographically Strong Random Numbers Summary
Sin 19: Poor Usability Summary
List of Figures
List of Tables
List of Sidebars
Writing Secure Code
ISBN: 71626751
EAN: 2147483647
Year: 2003
Pages: 239
Authors:
Michael Howard
,
David LeBlanc
BUY ON AMAZON
Network Security Architectures
Everything Is a Weapon
Attacker Types
Applied Knowledge Questions
Network Design Refresher
References
Persuasive Technology: Using Computers to Change What We Think and Do (Interactive Technologies)
Computers as Persuasive Media Simulation
Credibility and Computers
Credibility and the World Wide Web
Increasing Persuasion through Mobility and Connectivity
Captology Looking Forward
Ruby Cookbook (Cookbooks (OReilly))
Sorting an Array by Frequency of Appearance
Changing the Permissions on a File
Extending Specific Objects with Modules
Setting Up and Tearing Down a Curses Program
Running Code as Another User
Lean Six Sigma for Service : How to Use Lean Speed and Six Sigma Quality to Improve Services and Transactions
Getting Faster to Get Better Why You Need Both Lean and Six Sigma
Success Story #1 Lockheed Martin Creating a New Legacy
Executing Corporate Strategy with Lean Six Sigma
Service Process Challenges
Raising the Stakes in Service Process Improvement
Special Edition Using FileMaker 8
Assigning Field Options
Many-to-Many Relationships: Solving the Puzzle
Launch Files
Getting Out What You Put In
FileMaker Extra: Soliant Development Standards
Microsoft Office Visio 2007 Step by Step (Step By Step (Microsoft))
Adding Text to Shapes and the Drawing Page
Formatting Individual Shapes
Adding Decorative Elements to Diagrams
Key Points
Adding Door, Window, and Furniture Shapes to Office Layouts
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy
This website uses cookies. Click
here
to find out more.
Accept cookies