
19 Deadly Sins of Software Security
Programming flaws and how to fix them
Michael Howard, David Leblanc, John Viega
Summary
This essential programming book for all software developers - regardless of platform, language, and type of application - outlines the "19 sins" and shows how to fix each one. Best-selling authors Michael Howard and David LeBlanc, who teach Microsoft employees how to secure code, have partnered with John Viega, the man who uncovered the 19 deadly programming sins, to write this much-needed book. Coverage includes:
- Windows, UNIX, Linux, and Mac OS X platforms
- C, C++, C#, Java, PHP, Perl, and Visual Basic programming languages
- Web, small client, and smart-client applications
About the author - Michael Howard
Michael Howard, currently a program manager on the Windows 2000 security team, has been at Microsoft for 8 years. Prior to working on Windows 2000 he was the security program manager for Internet Information Server 4.0 and 5.0. Michael has spoken about security-related issues at many events such as Microsoft TechEd, Microsoft Professional Developer's Conferences and numerous industry gatherings. He hails from New Zealand, where he worked with banking and government clients helping them design, develop and deploy Windows NT-based security solutions. Currently, Michael lives 10 miles from the Microsoft Redmond campus in sunny Bellevue with his wife, Cheryl, and two Yorkshire Terriers, Squirt and Major.
About the author - David Leblanc
David LeBlanc, coauthor of Writing Secure Code, is a security architect at Microsoft. He works on teams to help improve application and network security and writes security auditing tools.
About the author - John Viega
John Viega, Founder and Chief Scientist of Secure Software (www.securesoftware.com), is a well-known security expert, and coauthor of Building Secure Software (Addison-Wesley) and Network Security with OpenSSL (O'Reilly). John is responsible for numerous software security tools, and is the original author of Mailman, the GNU mailing list manager. He holds a B.A. and M.S. in Computer Science from the University of Virginia. Mr. Viega is also an Adjunct Professor of Computer Science at Virginia Tech (Blacksburg, VA) and a Senior Policy Researcher at the Cyberspace Policy Institute, and he serves on the Technical Advisory Board for the Open Web Applications Security Project. He also founded a Washington, D.C. area security interest group that conducts monthly lectures presented by leading experts in the field. He is the author or coauthor of nearly 80 technical publications, including numerous refereed research papers and trade articles.
Table of contents
- Buffer Overflows
- Format String Problems
- SQL Injection
- Command Injection
- Failure to Handle Errors
- Cross-Site Scripting
- Failing to Protect Network Traffic
- Use of 'Magic' URLs and Hidden Forms
- Improper Use of SSL
- Use of Weak Password-Based Systems
- Failing to Store Data Securely
- Hard Coding Secrets
- Improper File Access
- Integer Range Errors
- Trusting Network Address Information
- Signal Race Conditions
- Unauthenticated Key Exchange
- Failing to Use Cryptographically Strong Random Numbers
- Poor Usability
Technical specifications
PRINT | |
Publisher(s) | Mc Graw Hill |
Author(s) | Michael Howard, David Leblanc, John Viega |
Publication date | 30/09/2005 |
Number of pages | 304 |
Cover | Paperback |
Weight | 509g |
Interior | Black and white |
EAN13 | 9780072260854 |
ISBN13 | 978-0-07-226085-4 |