19 Deadly Sins of Software Security (Security One-off) (Paperback)

This essential book for all software developers--regardless of platform, language, or type of application--outlines the “19 deadly sins” of software security and shows how to fix each one. Best-selling authors Michael Howard and David LeBlanc, who teach Microsoft employees how to secure code, have partnered with John Viega, the man who uncovered the 19 deadly programming sins to write this much-needed book. Coverage includes:

• Windows, UNIX, Linux, and Mac OS X
• C, C++, C#, Java, PHP, Perl, and Visual Basic
• Web, small client, and smart-client applications

“Ninety-five percent of software bugs are caused by the same 19 programming flaws.” —Amit Yoran, Former Director of The Department of Homeland Security’s National Cyber Security Division

Secure your software by eliminating code vulnerabilities from the start. This essential book for all software developers--regardless of platform, language, and type of application--outlines the 19 sins of software security and shows how to fix each one. Best-selling authors Michael Howard and David LeBlanc, who teach Microsoft employees how to write secure code, have partnered with John Viega, the man who uncovered the 19 deadly programming sins to write this hands-on guide. Detailed code examples throughout show the code defects as well as the fixes and defenses. If you write code, you need this book. Eliminate these security flaws from your code:

• Buffer overruns
• Format string problems
• Integer overflows
• SQL injection
• Command injection
• Failure to handle errors
• Cross-site scripting
• Failure to protect network traffic
• Use of magic URLs and hidden forms
• Improper use of SSL
• Use of weak password-based systems
• Failure to store and protect data securely
• Information leakage
• Trusting network address resolution
• Improper file access
• Race conditions
• Unauthenticated key exchange
• Failure to use cryptographically strong random numbers
• Poor usability

Michael Howard, CISSP, is an architect of the security process changes at Microsoft and a co-author of Processes to Produce Secure Software published by the Department of Homeland Security’s National Cyber Security Division. He is a Senior Security Program Manager in the Security Engineering Group at Microsoft Corporation and co-author of Writing Secure Code (Microsoft Press). David LeBlanc, Ph.D., is Chief Software Architect for Webroot Software, and was formerly Security Architect in the Office group at Microsoft. He is co-author of Writing Secure Code. John Viega is the CTO of Secure Software. He first defined the 19 deadly sins of software security for the Department of Homeland Security. He is co-author of many security books including Building Secure Software (Addison-Wesley).