19 Deadly Sins of Software Security (Security One-off)


This essential book for all software developers--regardless of platform, language, or type of application--outlines the “19 deadly sins” of software security and shows how to fix each one. Best-selling authors Michael Howard and David LeBlanc, who teach Microsoft employees how to secure code, have partnered with John Viega, the man who uncovered the 19 deadly programming sins, to write this much-needed book. Coverage includes:

  • Windows, UNIX, Linux, and Mac OS X
  • C, C++, C#, Java, PHP, Perl, and Visual Basic
  • Web, small client, and smart-client applications

In early 2004, Amit Yoran, then the director of the National Cyber Security Division at the U.S. Department of Homeland Security, announced that about 95 percent of software security bugs come from 19 “common, well-understood” programming mistakes. We are not going to insult your intelligence and explain the need for secure software in today’s interconnected world—we assume you know the reasons—but we will outline how to find and remedy these common security defects in your code.

The worrisome thing about security defects is they are really easy to make, and the results of a very simple one-line error can be catastrophic. The coding defect that led to the Blaster worm was two lines long.

If there is only one bit of wisdom we can offer you, it’s this: “No programming language or platform will make your software secure for you. Only you can do that.” There is a lot of literature on creating secure software, and the authors of this book have written some of the most influential material, but there is a need for a small, easy-to-read, pragmatic book on the subject that covers all the bases quickly.

When writing this book, we stuck by a simple set of rules to keep it pragmatic:

  • Keep it simple. We didn’t focus on unnecessary drivel. There are no war stories, no funny anecdotes; it’s just the pertinent facts. You probably just want to get your job done, and wish to make your code as good as possible in the shortest amount of time; hence we kept the book simple so you can refer to it rapidly and get the facts you need.

  • Keep it short. A follow-on from the previous point: by focusing on the facts, and nothing else, we were able to keep the book short. In fact, we’ll keep this introduction short too.

  • Make it cross platform. The Internet is a complex place, with myriads of interconnected computing devices running different operating systems and written using many programming languages. We wanted to make this book appeal to all developers, so the examples in this book apply to most operating systems.

  • Make it cross language. A follow-on from the previous point: most examples apply to different languages, and we show plenty of security defects in numerous languages throughout the book.


The Future of Telecommunications Industries
Communication is a crucial basis for the development of each individual's social identity as well as for intellectual and commercial exchange and economic development. Therefore, the question is not whether telecommunications industries have a future but what kind of future old and new players will have, given the dynamic changes in technologies...
Guide to Networking Essentials, Fourth Edition

This book is intended to serve the needs of individuals and information systems professionals who are interested in learning more about networking technologies, but who may have little or no background in this subject matter. In the first edition of this book, the materials were originally designed to help individuals prepare for Microsoft...

Microsoft Visual C# 2012 Step by Step (Step By Step (Microsoft))
Microsoft Visual C# is a powerful but simple language aimed primarily at developers creating applications by using the Microsoft .NET Framework. It inherits many of the best features of C++ and Microsoft Visual Basic, but few of the inconsistencies and anachronisms, resulting in a cleaner and more logical language. C# 1.0 made its...

Combinatorial Optimization and Applications: Second International Conference, COCOA 2008, St. John's, NL, Canada, August 21-24, 2008, Proceedings
The papers in this volume were presented at the Second International Conference on Combinatorial Optimization and Applications (COCOA 2008), held August 21–24, 2008, in St. John’s, Newfoundland, Canada. The topics cover most areas in combinatorial optimization and applications.

A total of 84 papers were submitted, of which 44
...
Cognitive Systems: Joint Chinese-German Workshop, Shanghai, China, March 7-11, 2005, Revised Selected Papers
This book constitutes the thoroughly refereed post-proceedings of the Joint Chinese-German Workshop on Cognitive Systems held in Shanghai in March 2005.

The 13 revised papers presented were carefully reviewed and selected from numerous submissions for inclusion in the book. The workshop served to present the current state of the art in the new...

The CSS Anthology: 101 Essential Tips, Tricks & Hacks
The CSS Anthology: 101 Essential Tips, Tricks & Hacks is a compilation of best practice solutions to the most challenging CSS problems. The third edition of this best-selling book, published in full color, has been completely revised and updated to cover the latest techniques and newer browsers, including Firefox 3 and Internet Explorer 8.

...
