24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them
Citation: Howard, Michael; LeBlanc, David; and Viega, John. 24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them. US: McGraw-Hill Osborne Media, 2009.
Authors: Michael Howard, David LeBlanc and John Viega
Published: September 2009
eISBN: 9780071626767 (ISBN-10: 007162676X)
ISBN: 9780071626750
Table of Contents
Contents
Foreword
Acknowledgments
Introduction
Part I: Web Application Sins
1 SQL Injection
    Overview of the Sin
    CWE References
    Affected Languages
    The Sin Explained
    Spotting the Sin Pattern
    Spotting the Sin During Code Review
    Testing Techniques to Find the Sin
    Example Sins
    Redemption Steps
    Extra Defensive Measures
    Other Resources
    Summary
2 Web Server–Related Vulnerabilities (XSS, XSRF, and Response Splitting)
    Overview of the Sin
    CWE References
    Affected Languages
    The Sin Explained
    Spotting the Sin Pattern
    Spotting the XSS Sin During Code Review
    Testing Techniques to Find the Sin
    Example Sins
    Redemption Steps (XSS and Response Splitting)
    Redemption Steps (XSRF)
    Extra Defensive Measures
    Other Resources
    Summary
3 Web Client–Related Vulnerabilities (XSS)
    Overview of the Sin
    CWE References
    Affected Languages
    The Sin Explained
    Spotting the Sin Pattern
    Spotting the Sin During Code Review
    Testing Techniques to Find the Sin
    Example Sins
    Redemption Steps
    Extra Defensive Measures
    Other Resources
    Summary
4 Use of Magic URLs, Predictable Cookies, and Hidden Form Fields
    Overview of the Sin
    CWE References
    Affected Languages
    The Sin Explained
    Spotting the Sin Pattern
    Spotting the Sin During Code Review
    Testing Techniques to Find the Sin
    Example Sins
    Redemption Steps
    Extra Defensive Measures
    Other Resources
    Summary
Part II: Implementation Sins
5 Buffer Overruns
    Overview of the Sin
    CWE References
    Affected Languages
    The Sin Explained
    Spotting the Sin Pattern
    Spotting the Sin During Code Review
    Testing Techniques to Find the Sin
    Example Sins
    Redemption Steps
    Extra Defensive Measures
    Other Resources
    Summary
6 Format String Problems
    Overview of the Sin
    CWE References
    Affected Languages
    The Sin Explained
    Spotting the Sin Pattern
    Spotting the Sin During Code Review
    Testing Techniques to Find the Sin
    Example Sins
    Redemption Steps
    Extra Defensive Measures
    Other Resources
    Summary
7 Integer Overflows
    Overview of the Sin
    CWE References
    Affected Languages
    The Sin Explained
    Spotting the Sin Pattern
    Spotting the Sin During Code Review
    Testing Techniques to Find the Sin
    Example Sins
    Redemption Steps
    Extra Defensive Measures
    Other Resources
    Summary
8 C++ Catastrophes
    Overview of the Sin
    CWE References
    Affected Languages
    The Sin Explained
    Spotting the Sin Pattern
    Spotting the Sin During Code Review
    Testing Techniques to Find the Sin
    Example Sins
    Redemption Steps
    Extra Defensive Measures
    Other Resources
    Summary
9 Catching Exceptions
    Overview of the Sin
    CWE References
    Affected Languages
    The Sin Explained
    Spotting the Sin Pattern
    Spotting the Sin During Code Review
    Testing Techniques to Find the Sin
    Example Sins
    Redemption Steps
    Other Resources
    Summary
10 Command Injection
    Overview of the Sin
    CWE References
    Affected Languages
    The Sin Explained
    Spotting the Sin Pattern
    Spotting the Sin During Code Review
    Testing Techniques to Find the Sin
    Example Sins
    Redemption Steps
    Extra Defensive Measures
    Other Resources
    Summary
11 Failure to Handle Errors Correctly
    Overview of the Sin
    CWE References
    Affected Languages
    The Sin Explained
    Spotting the Sin Pattern
    Spotting the Sin During Code Review
    Testing Techniques to Find the Sin
    Example Sin
    Redemption Steps
    Other Resources
    Summary
12 Information Leakage
    Overview of the Sin
    CWE References
    Affected Languages
    The Sin Explained
    Spotting the Sin Pattern
    Spotting the Sin During Code Review
    Testing Techniques to Find the Sin
    Example Sins
    Redemption Steps
    Extra Defensive Measures
    Other Resources
    Summary
13 Race Conditions
    Overview of the Sin
    CWE References
    Affected Languages
    The Sin Explained
    Spotting the Sin Pattern
    Spotting the Sin During Code Review
    Testing Techniques to Find the Sin
    Example Sins
    Redemption Steps
    Extra Defensive Measures
    Other Resources
    Summary
14 Poor Usability
    Overview of the Sin
    CWE References
    Affected Languages
    The Sin Explained
    Spotting the Sin Pattern
    Spotting the Sin During Code Review
    Testing Techniques to Find the Sin
    Example Sins
    Redemption Steps
    Other Resources
    Summary
15 Not Updating Easily
    Overview of the Sin
    CWE References
    Affected Languages
    The Sin Explained
    Spotting the Sin Pattern
    Spotting the Sin During Code Review
    Testing Techniques to Find the Sin
    Example Sins
    Redemption Steps
    Extra Defensive Measures
    Other Resources
    Summary
16 Executing Code with Too Much Privilege
    Overview of the Sin
    CWE References
    Affected Languages
    The Sin Explained
    Spotting the Sin Pattern
    Spotting the Sin During Code Review
    Testing Techniques to Find the Sin
    Example Sins
    Redemption Steps
    Extra Defensive Measures
    Other Resources
    Summary
17 Failure to Protect Stored Data
    Overview of the Sin
    CWE References
    Affected Languages
    The Sin Explained
    Spotting the Sin Pattern
    Spotting the Sin During Code Review
    Testing Techniques to Find the Sin
    Example Sins
    Redemption Steps
    Extra Defensive Measures
    Other Resources
    Summary
18 The Sins of Mobile Code
    Overview of the Sin
    CWE References
    Affected Languages
    The Sin Explained
    Spotting the Sin Pattern
    Spotting the Sin During Code Review
    Testing Techniques to Find the Sin
    Example Sins
    Redemption Steps
    Extra Defensive Measures
    Other Resources
    Summary
Part III: Cryptographic Sins
19 Use of Weak Password-Based Systems
    Overview of the Sin
    CWE References
    Affected Languages
    The Sin Explained
    Spotting the Sin Pattern
    Spotting the Sin During Code Review
    Testing Techniques to Find the Sin
    Example Sins
    Redemption Steps
    Extra Defensive Measures
    Other Resources
    Summary
20 Weak Random Numbers
    Overview of the Sin
    CWE References
    Affected Languages
    The Sin Explained
    Spotting the Sin Pattern
    Spotting the Sin During Code Review
    Testing Techniques to Find the Sin
    Example Sins
    Redemption Steps
    Extra Defensive Measures
    Other Resources
    Summary
21 Using Cryptography Incorrectly
    Overview of the Sin
    CWE References
    Affected Languages
    The Sin Explained
    Spotting the Sin Pattern
    Spotting the Sin During Code Review
    Testing Techniques to Find the Sin
    Example Sins
    Redemption Steps
    Extra Defensive Measures
    Other Resources
    Summary
Part IV: Networking Sins
22 Failing to Protect Network Traffic
    Overview of the Sin
    CWE References
    Affected Languages
    The Sin Explained
    Spotting the Sin Pattern
    Spotting the Sin During Code Review
    Testing Techniques to Find the Sin
    Example Sins
    Redemption Steps
    Extra Defensive Measures
    Other Resources
    Summary
23 Improper Use of PKI, Especially SSL
    Overview of the Sin
    CWE References
    Affected Languages
    The Sin Explained
    Spotting the Sin Pattern
    Spotting the Sin During Code Review
    Testing Techniques to Find the Sin
    Example Sins
    Redemption Steps
    Extra Defensive Measures
    Other Resources
    Summary
24 Trusting Network Name Resolution
    Overview of the Sin
    CWE References
    Affected Languages
    The Sin Explained
    Spotting the Sin Pattern
    Spotting the Sin During Code Review
    Testing Techniques to Find the Sin
    Example Sins
    Redemption Steps
    Other Resources
    Summary
Index