
19 Deadly Sins of Software Security: Programming Flaws and How to Fix Them

Posted on 2009-12-20 22:34:28


Authors: Michael Howard, David LeBlanc, John Viega
Publication date: July 26, 2005
Publisher: McGraw-Hill
Pages: 304
ISBN: ISBN-10: 0072260858 ISBN-13: 978-0072260854
File format: CHM

This essential book for all software developers–regardless of platform, language, or type of application–outlines the “19 deadly sins” of software security and shows how to fix each one. Best-selling authors Michael Howard and David LeBlanc, who teach Microsoft employees how to secure code, have partnered with John Viega, the man who uncovered the 19 deadly programming sins to write this much-needed book. Coverage includes:
  • Windows, UNIX, Linux, and Mac OS X
  • C, C++, C#, Java, PHP, Perl, and Visual Basic
  • Web, small client, and smart-client applications
From the Back Cover
“Ninety-five percent of software bugs are caused by the same 19 programming flaws.” —Amit Yoran, Former Director of The Department of Homeland Security’s National Cyber Security Division
Secure your software by eliminating code vulnerabilities from the start. This essential book for all software developers–regardless of platform, language, and type of application–outlines the 19 sins of software security and shows how to fix each one. Best-selling authors Michael Howard and David LeBlanc, who teach Microsoft employees how to write secure code, have partnered with John Viega, the man who uncovered the 19 deadly programming sins to write this hands-on guide. Detailed code examples throughout show the code defects as well as the fixes and defenses. If you write code, you need this book. Eliminate these security flaws from your code:
  • Buffer overruns
  • Format string problems
  • Integer overflows
  • SQL injection
  • Command injection
  • Failure to handle errors
  • Cross-site scripting
  • Failure to protect network traffic
  • Use of magic URLs and hidden forms
  • Improper use of SSL
  • Use of weak password-based systems
  • Failure to store and protect data securely
  • Information leakage
  • Trusting network address resolution
  • Improper file access
  • Race conditions
  • Unauthenticated key exchange
  • Failure to use cryptographically strong random numbers
  • Poor usability
Michael Howard, CISSP, is an architect of the security process changes at Microsoft and a co-author of Processes to Produce Secure Software published by the Department of Homeland Security’s National Cyber Security Division. He is a Senior Security Program Manager in the Security Engineering Group at Microsoft Corporation and co-author of Writing Secure Code (Microsoft Press). David LeBlanc, Ph.D., is Chief Software Architect for Webroot Software, and was formerly Security Architect in the Office group at Microsoft. He is co-author of Writing Secure Code. John Viega is the CTO of Secure Software. He first defined the 19 deadly sins of software security for the Department of Homeland Security. He is co-author of many security books including Building Secure Software (Addison-Wesley).
