The Software Vulnerability Guide

The Software Security Reference that Every Developer Needs!

In today's market, secure software is a must for consumers. Many developers, however, are not familiar with the techniques needed to produce secure code or detect existing vulnerabilities. The Software Vulnerability Guide helps developers and testers better understand the underlying security flaws in software and provides an easy-to-use reference for security bugs. Most of these bugs (and the viruses, worms, and exploits that derive from them) start out as programmer mistakes. With this guide, professional programmers and testers will learn how to find, fix, and prevent these vulnerabilities before their software reaches the market. Detailed explanations and examples are provided for each of the vulnerabilities, as well as a summary sheet that can be referenced quickly. Tools that make it easier to recognize and prevent vulnerabilities are also explored, and source code snippets, commentary, and techniques are provided in easy-to-read sidebars. This guide is a must have for today's software developers.

KEY FEATURES

• Includes coding examples in a variety of languages, including C, C++, Java, VB.NET, scripting languages, and more
• Features a detailed discussion and examples for each vulnerability, along with a summary sheet that can be referenced quickly and easily
• Includes tips for uncovering vulnerabilities in a diverse array of systems, including what it might look like in code, and how the offending code can be fixed
• Covers vulnerabilities such as dynamic linking and loading, buffer overflows, creating temporary files, forceful browsing, spoofing, and SQL injection
• Includes a CD-ROM with source code and many of the tools discussed in the book

ON THE CD

(See Appendix A for more details)

• COMPANION TOOLS - Includes the Libnet API, Ethreal network protocol analyzer, Ettercap, John The Ripper password cracker, Nemesis network packet and injection utility, Nessus vulnerability scanner, Nikto vulnerability scanner, Nmap security scanner, RATS auditing tool, SATAN, and Tcpdump network sniffer/analyzer
• SOURCE EXAMPLES - Contains the source code examples and project files included in each of the chapters
• FIGURES - All the images used in the book