Authors: David LeBlanc, Michael Howard, John Viega
DOI:
Keywords: Code injection, Web server, SQL injection, Software security assurance, Password, Cryptography, Information leakage, scanf format string, Engineering, Computer security
Abstract: "What makes this book so important is that it reflects the experiences of two of the industry's most experienced hands at getting real-world engineers to understand just what they're being asked for when they write secure code. Michael Howard's and David LeBlanc's experience in the trenches working with developers years after code was long since shipped, informing them of problems." --From the Foreword by Dan Kaminsky, Director of Penetration Testing, IOActive

Eradicate the Most Notorious Insecure Designs and Coding Vulnerabilities

Fully updated to cover the latest security issues, 24 Deadly Sins of Software Security reveals the most common design and coding errors and explains how to fix each one, or better yet, avoid them from the start. Howard and LeBlanc, who teach Microsoft employees and the world how to write secure code, have partnered again with John Viega, who uncovered the original 19 deadly programming sins. They have completely revised the book to address the most recent vulnerabilities and have added five brand-new sins. This practical guide covers all platforms, languages, and types of applications.

Eliminate these flaws from your code:
SQL injection
Web server- and web client-related vulnerabilities
Use of magic URLs, predictable cookies, and hidden form fields
Buffer overruns
Format string problems
Integer overflows
C++ catastrophes
Insecure exception handling
Command injection
Failure to handle errors
Information leakage
Race conditions
Poor usability
Not updating easily
Executing with too much privilege
Failure to protect stored data
Insecure mobile code
Use of weak password-based systems
Weak random numbers
Using cryptography incorrectly
Failing to protect network traffic
Improper use of PKI
Trusting name resolution

Table of contents
Part I: Web Application Sins
Chapter 1: SQL Injection
Chapter 2: Server Side Cross-Site Scripting
Chapter 3: Web-Client Related Vulnerabilities
Part II: Implementation Sins
Chapter 4: Use of Magic URLs
Chapter 5: Buffer Overruns
Chapter 6: Format String Problems
Chapter 7: Integer Overflows
Chapter 8: C++ Catastrophes
Chapter 9: Catching All Exceptions
Chapter 10: Command Injection
Chapter 11: Failure to Handle Errors
Chapter 12: Information Leakage
Chapter 13: Race Conditions
Chapter 14: Poor Usability
Chapter 15: Not Updating Easily
Part III: Cryptographic Sins
Chapter 16: Using Least Privileges
Chapter 17: Weak Password Systems
Chapter 18: Unauthenticated Key Exchange
Chapter 19: Random Numbers
Part IV: Networking Sins
Chapter 20: Wrong Algorithm
Chapter 21: Protect Network Traffic
Chapter 22: Trusting Name Resolution
Part V: Stored Data Sins
Chapter 23: Improper SSL/TLS
Chapter 24: