Authors: Michael Howard, David LeBlanc, John Viega
Publication date: July 26, 2005
Publisher: McGraw-Hill
Pages: 304
ISBN: ISBN-10: 0072260858, ISBN-13: 978-0072260854
File format: CHM
This essential book for all software developers–regardless of platform, language, or type of application–outlines the “19 deadly sins” of software security and shows how to fix each one. Best-selling authors Michael Howard and David LeBlanc, who teach Microsoft employees how to secure code, have partnered with John Viega, the man who uncovered the 19 deadly programming sins to write this much-needed book. Coverage includes:
- Windows, UNIX, Linux, and Mac OS X
- C, C++, C#, Java, PHP, Perl, and Visual Basic
- Web, small client, and smart-client applications

From the Back Cover
“Ninety-five percent of software bugs are caused by the same 19 programming flaws.” —Amit Yoran, Former Director of The Department of Homeland Security’s National Cyber Security Division
Secure your software by eliminating code vulnerabilities from the start. This essential book for all software developers–regardless of platform, language, and type of application–outlines the 19 sins of software security and shows how to fix each one. Best-selling authors Michael Howard and David LeBlanc, who teach Microsoft employees how to write secure code, have partnered with John Viega, the man who uncovered the 19 deadly programming sins to write this hands-on guide. Detailed code examples throughout show the code defects as well as the fixes and defenses. If you write code, you need this book. Eliminate these security flaws from your code:
- Buffer overruns
- Format string problems
- Integer overflows
- SQL injection
- Command injection
- Failure to handle errors
- Cross-site scripting
- Failure to protect network traffic
- Use of magic URLs and hidden forms
- Improper use of SSL
- Use of weak password-based systems
- Failure to store and protect data securely
- Information leakage
- Trusting network address resolution
- Improper file access
- Race conditions
- Unauthenticated key exchange
- Failure to use cryptographically strong random numbers
- Poor usability

Michael Howard, CISSP, is an architect of the security process changes at Microsoft and a co-author of Processes to Produce Secure Software published by the Department of Homeland Security’s National Cyber Security Division. He is a Senior Security Program Manager in the Security Engineering Group at Microsoft Corporation and co-author of Writing Secure Code (Microsoft Press). David LeBlanc, Ph.D., is Chief Software Architect for Webroot Software, and was formerly Security Architect in the Office group at Microsoft. He is co-author of Writing Secure Code. John Viega is the CTO of Secure Software. He first defined the 19 deadly sins of software security for the Department of Homeland Security. He is co-author of many security books including Building Secure Software (Addison-Wesley).