| In today’s market, secure software is a must for consumers. Many developers, however, are not familiar with the techniques needed to produce secure code or detect existing vulnerabilities. The Software Vulnerability Guide focuses on the origin of most software vulnerabilities, including the bugs in the underlying software used to develop IT infrastructures and the Internet. Most of these security bugs (and the viruses, worms, and exploits that derive from them) started out as programmer mistakes. With this easy-to-use guide, professional programmers and testers will learn how to recognize and prevent these vulnerabilities before their software reaches the market. For each of the 30 common software vulnerabilities featured the authors provide a summary, description of how the vulnerability occurs, and famous examples of how it has been used. Tips on how to find and fix the vulnerability in software are also provided along with source code snippets, commentary, tools, and techniques in easy-to-read sidebars. This guide is a must-have for today’s software developers.
KEY FEATURES
* Includes coding examples in a variety of languages, including C, C++, Java, VB, .NET, scripting languages, and more
* Provides tips for uncovering vulnerabilities in a diverse array of systems, including what it may look like in code, and how the offending code can be fixed
* Covers vulnerabilities such as permitting default or weak passwords, cookie poisoning, exchanging sensitive data in plain text, leaving things in memory, and format string attacks
* Includes a CD-ROM with all of the source code, as well as many freeware/shareware tools discussed in the book
About the Author
Herbert Thomas is the Director of Security Technology at Security Innovation LLC and serves on the graduate faculty of the Florida Institute of Technology. He is the co-author of How to Break Sofware Security: Effective Techniques for Security Testing and is a frequent speaker at industry conferences. Scott Chase is a Security Architect at SI Government Solutions, where he manages key research projects for the US government. He has also worked as a university researcher in information security and as a software tester in industry. |
|
