19 Deadly Sins of Software Security - Programming Flaws and How to Fix Them
Publisher: McGraw-Hill Osborne, 2005, 304pp, 1st ed.
Ninety-five percent of software bugs are caused by the same 19 programming flaws. Secure your software by eliminating code vulnerabilities from the start. This essential book for all software developers, regardless of platform, language, and type of application, outlines the 19 sins of software security and shows how to fix each one.
Table of contents

| Chapter | Title | Page |
|---|---|---|
| 1 | Buffer overruns | 1 |
| 2 | Format string problems | 17 |
| 3 | Integer overflows | 25 |
| 4 | SQL injection | 45 |
| 5 | Command injection | 63 |
| 6 | Failing to handle errors | 73 |
| 7 | Cross-site scripting | 83 |
| 8 | Failing to protect network traffic | 99 |
| 9 | Use of magic URLs and hidden form fields | 113 |
| 10 | Improper use of SSL and TLS | 125 |
| 11 | Use of weak password-based systems | 143 |
| 12 | Failing to store and protect data securely | 161 |
| 13 | Information leakage | 183 |
| 14 | Improper file access | 197 |
| 15 | Trusting network name resolution | 207 |
| 16 | Race conditions | 217 |
| 17 | Unauthenticated key exchange | 227 |
| 18 | Cryptographically strong random numbers | 235 |
| 19 | Poor usability | 247 |
| A | Mapping the 19 deadly sins to the OWASP "top ten" | 261 |
| B | Summary of do's and don'ts | 263 |
