
24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them, 1st Edition

4.4 out of 5 stars (53 ratings)


Publisher's Note: Products purchased from Third Party sellers are not guaranteed by the publisher for quality, authenticity, or access to any online entitlements included with the product.


Eradicate the Most Notorious Insecure Designs and Coding Vulnerabilities

Fully updated to cover the latest security issues, 24 Deadly Sins of Software Security reveals the most common design and coding errors and explains how to fix each one, or better yet, how to avoid them from the start. Michael Howard and David LeBlanc, who teach Microsoft employees and the world how to secure code, have partnered again with John Viega, who uncovered the original 19 deadly programming sins. They have completely revised the book to address the most recent vulnerabilities and have added five brand-new sins. This practical guide covers all platforms, languages, and types of applications. Eliminate these security flaws from your code:

  • SQL injection
  • Web server- and client-related vulnerabilities
  • Use of magic URLs, predictable cookies, and hidden form fields
  • Buffer overruns
  • Format string problems
  • Integer overflows
  • C++ catastrophes
  • Insecure exception handling
  • Command injection
  • Failure to handle errors
  • Information leakage
  • Race conditions
  • Poor usability
  • Not updating easily
  • Executing code with too much privilege
  • Failure to protect stored data
  • Insecure mobile code
  • Use of weak password-based systems
  • Weak random numbers
  • Using cryptography incorrectly
  • Failing to protect network traffic
  • Improper use of PKI
  • Trusting network name resolution


Editorial Reviews

From the Publisher

Michael Howard is a principal security program manager on the Trustworthy Computing Group’s Security Engineering team at Microsoft. He is the author or coauthor of many well-known software security books and is an editor of IEEE Security & Privacy.

David LeBlanc, Ph.D., is a principal software development engineer on the Microsoft Office security team. He is a coauthor, with Michael Howard, of Writing Secure Code (Microsoft Press).

John Viega is CTO of the SaaS Business Unit at McAfee and was previously their chief security architect. He is the author of five other security books. Mr. Viega first defined the 19 deadly sins of software security for the Department of Homeland Security.

About the Author

David LeBlanc, Ph.D., is currently Chief Software Architect for Webroot Software. Prior to joining Webroot, he served as security architect for Microsoft's Office division, was a founding member of the Trustworthy Computing Initiative, and worked as a white-hat hacker in Microsoft's network security group. David is also co-author of Writing Secure Code and Assessing Network Security, as well as numerous articles. On good days, he'll be found riding the trails on his horse with his wife, Jennifer.

John Viega discovered the 19 deadly programming flaws that received such press and media attention, and this book is based on his discovery. He is the Founder and Chief Scientist of Secure Software (www.securesoftware.com), is a well-known security expert, and is coauthor of Building Secure Software (Addison-Wesley) and Network Security with OpenSSL (O'Reilly). He is an Adjunct Professor of Computer Science at Virginia Tech (Blacksburg, VA) and Senior Policy Researcher at the Cyberspace Policy Institute, and he serves on the Technical Advisory Board for the Open Web Applications Security Project. He also founded a Washington, D.C. area security interest group that conducts monthly lectures presented by leading experts in the field. John is responsible for numerous software security tools, and is the original author of Mailman, the GNU mailing list manager. He holds a B.A. and M.S. in Computer Science from the University of Virginia. He is the author or coauthor of nearly 80 technical publications, including numerous refereed research papers and trade articles. He is coauthor of Building Secure Software, Network Security and Cryptography with OpenSSL, and The Secure Programming Cookbook for C and C++.

Product details

  • Publisher: McGraw Hill; 1st edition (September 3, 2009)
  • Language: English
  • Paperback: 432 pages
  • ISBN-10: 0071626751
  • ISBN-13: 978-0071626750
  • Item Weight: 2.31 pounds
  • Dimensions: 7.38 x 0.98 x 9.12 inches
  • Customer Reviews: 4.4 out of 5 stars (53 ratings)


Customer reviews

4.4 out of 5 stars
53 global ratings


Customers say

Customers find the book provides a nice overview of common vulnerabilities and remediation options in software security. It covers basic application security thoroughly, providing something for every software engineer. The content is interesting and well-written, making it a great reference. Readers appreciate the clear explanations of problems and remediation options provided.

AI-generated from the text of customer reviews


Top reviews from the United States

  • Reviewed in the United States on November 13, 2013
    Originally stumbled across a copy of 19 Deadly Sins in a half price bookstore and found myself thoroughly engrossed. When I discovered there was a second edition with even more information, I was all over it.

    Software Security is a topic that all too often gets overlooked in the development process. That does a disservice to the client, the product, the developer and the company and not just for the obvious reasons. You see the same thought processes and practices which are required to build secure software also result in cleaner, less buggy, higher quality code. Wins all round.

    This book covers multiple common types of security vulnerability, explaining what, why and how and giving examples of the problems and ways to mitigate / avoid them in multiple languages. More importantly, it gets you thinking about these important issues and about the quality of your code in general.

    The book can be read cover to cover or you can cherry-pick the section(s) that are relevant (or which simply catch your interest) at any given time. Personally I prefer the latter as I absorb information better when I am particularly interested in the topic at hand.

    This book has something for every software engineer, no matter what you work on. Highly recommended food for thought. :)
    4 people found this helpful
  • Reviewed in the United States on August 9, 2010
    24 Deadly Sins carries on in the great tradition of the original 19 Deadly Sins but has expanded to cover problems that have developed since then as well as added coverage for more programming languages. It serves as a great introduction to the most common problems in software development that lead to security issues without getting bogged down in the weeds on any of them. It does not go into a great deal of detail so if that is what you are looking for this isn't the book you want but it does do what it sets out to do.

    The organization of the book lends itself to a straight read through and as a jump around reference to cover the problems you need to look at when you need to look at them. Most chapters stand alone quite well and most references to other chapters are about closely related sins. It describes the basics of the problem, goes into more detail and helps you try to spot the problem in various languages. It covers some of the ways you can avoid the problems and provides additional remediation if available.

    The book lends itself to being a decent text book on software security problems and its basic structure is not a bad approach to an introduction to the topic. I've been teaching an introduction to secure development class for a couple of years that was mostly based on the original book and I'm finishing updating that to the new 24 Deadly Sins breakdown.
    9 people found this helpful
  • Reviewed in the United States on June 24, 2014
    This book is an excellent resource for any software professional. As massive data breaches and security vulnerabilities continue to fill the news, I began to wonder what I should be looking for in my own code to make it more secure. This book meets that need by summarizing the major risks in software security in a readable, to-the-point manner. Each risk is described, and then followed with code samples (in a variety of languages relevant to the flaw, including C, C++, Java, Perl, Ruby, Python, C#, and others), testing techniques, remediation steps, and additional references. If you're looking for a great reference to quickly bring you up to speed on the major software security flaws and how to handle them, this is it.
  • Reviewed in the United States on December 6, 2011
    This book is the update to the 19 Deadly Sins, and does a tremendous job summarizing the information needed to understand the types of errors prevalent in software today. This is not a book with all the details behind the causes, fixes, etc. For those details, I would refer my students (and do) to Michael's other great book "Writing Secure Code, Second Edition". And for process related material, "The Security Development Lifecycle".

    Howard is the real deal, a straight shooter and known for telling it like it is. This book is no different - no fluff, no extraneous material, just the stuff every project manager of a software development effort should know, so they know what to ask of their team.
    2 people found this helpful
  • Reviewed in the United States on March 19, 2013
    If you are a developer, no matter the language you use, you should consider this book.
    It makes clear where the problems are and how to correct them.
    You don't need to be a security expert to do things in a secure way.
  • Reviewed in the United States on August 28, 2022
    Great book. Easy to read.
  • Reviewed in the United States on December 24, 2012
    The authors definitely know about software vulnerabilities due mostly in part by mistakes made during software development and coding processes. Their recommendations are very effective and I am very satisfied with my purchase.
    One person found this helpful
  • Reviewed in the United States on April 8, 2015
    Ordered 4 of these, 100% Satisfied with the books, They shipped it in sealed plastic bags.

Top reviews from other countries

  • Tommy S.
    4.0 out of 5 stars Good book on software security
    Reviewed in Germany on August 14, 2015
    A great book on software security, although some chapters seem to fill pages instead of transporting knowledge. Still a great book to read!
  • Pedro Gonçalo Pinto Domingues
    5.0 out of 5 stars This book should be in every programmer's shell
    Reviewed in the United Kingdom on December 2, 2012
    This book is VERY good, I mean, VERY GOOD! It goes straight to the point, it shows the weaknesses, then explains them, then shows you tons of solutions that you can use right away out of the box.

    It is very easy and fast to read, so it's a good book when you're short of time!
  • Peter
    4.0 out of 5 stars Overall a good buy
    Reviewed in the United Kingdom on December 6, 2014
    I bought this book on the basis of its good reviews, and on the whole I am glad that I did, although as I read through it I wasn't always so sure. I found it a frustrating read in some places.

    It is clear that the authors have a bias towards high-level programming. They assume that the reader is familiar with web-site programming techniques, but provide a detailed description of how a stack works. My background is embedded assembly, C and occasionally C++. As a result I know how a stack works, but would have welcomed more detail in the concepts behind the web application sins.

    The cryptographic sins left me feeling that the authors were trying too hard to fit such a broad topic into their preferred format. The subject is worthy of a book in its own right. As an example, the authors equated stream ciphers with RC4 and because RC4 is no longer considered secure they recommended avoiding stream ciphers altogether. A more detailed discussion might have considered how block-cipher modes can be used to implement stream ciphers, and how stream ciphers should always be used with effective integrity mechanisms.

    Nevertheless the book is now in my reference library and I know I will refer to it in the future. On a number of occasions I came across insights that made me sure that buying and reading it was a good investment.