Rating:
Author: Michael Howard
ISBN : B001GCUH18
New from $31.99
Format: PDF
Download Free 19 Deadly Sins of Software Security: Programming Flaws and How to Fix Them from mediafire, rapishare, and mirror link
This essential book for all software developers--regardless of platform, language, or type of application--outlines the “19 deadly sins” of software security and shows how to fix each one. Best-selling authors Michael Howard and David LeBlanc, who teach Microsoft employees how to secure code, have partnered with John Viega, the man who uncovered the 19 deadly programming sins to write this much-needed book. Coverage includes:
- Windows, UNIX, Linux, and Mac OS X
- C, C++, C#, Java, PHP, Perl, and Visual Basic
- Web, small client, and smart-client applications
Direct download links available for Free 19 Deadly Sins of Software Security: Programming Flaws and How to Fix Them (Security One-off) [Kindle Edition]
- File Size: 3861 KB
- Print Length: 304 pages
- Simultaneous Device Usage: Up to 4 simultaneous devices, per publisher limits
- Publisher: McGraw-Hill Osborne Media; 1 edition (July 26, 2005)
- Sold by: Amazon Digital Services, Inc.
- Language: English
- ASIN: B001GCUH18
- Text-to-Speech: Enabled
X-Ray:
- Lending: Not Enabled
- Amazon Best Sellers Rank: #682,960 Paid in Kindle Store (See Top 100 Paid in Kindle Store)
Free 19 Deadly Sins of Software Security: Programming Flaws and How to Fix Them
I read six books on software security recently, namely "Writing Secure Code, 2nd Ed" by Michael Howard and David LeBlanc; "19 Deadly Sins of Software Security" by Michael Howard, David LeBlanc, and John Viega; "Software Security" by Gary McGraw; "The Security Development Lifecycle" by Michael Howard and Steve Lipner; "High-Assurance Design" by Cliff Berg; and "Security Patterns" by Markus Schumacher, et al. Each book takes a different approach to the software security problem, although the first two focus on coding bugs and flaws; the second two examine development processes; and the last two discuss practices or patterns for improved design and implementation. My favorite of the six is Gary McGraw's, thanks to his clear thinking and logical analysis. The other five are still noteworthy books. All six will contribute to the
production of more security software.
The main reason to read 19DS is to quickly become acquainted with various security problems facing software developers. At less than 300 pages, it's not a thick tome like WSC2E. 19DS also is not afraid to mix bugs (coding errors, like buffer overflow conditions) with flaws (design problems, like "failing to protect network traffic.") This sort of lax categorization bothers me (and Gary McGraw, as noted in his book "Software Security"), but it shouldn't interfere with the quality content of 19DS.
Probably the most interesting aspect (to me) of 19DS was sin 10, which discussed problems with Secure Sockets Layer (SSL). The chapter didn't describe algorithmic or protocol problems. Instead, it explained how programmers make poor assumptions about the features provided by their language of choice with respect to SSL. For example, many SSL libraries do not properly validate certificates.
With the continual alerts and patches for software vulnerabilities, it may appear that there is no way to write secure software. While I agree there are no "absolutes" when it comes to secure software, there are ways to greatly reduce your potential of writing software that can be exploited. 19 Deadly Sins Of Software Security - Programming Flaws and How To Fix Them by Michael Howard, David LeBlanc, and John Viega does an excellent job in helping you focus in on this subject...
Content: Buffer Overruns; Format String Problems; Integer Overflows; SQL Injection; Command Injection; Failing To Handle Errors; Cross-Site Scripting; Failing To Protect Network Traffic; Use Of Magic URLs And Hidden Form Fields; Improper Use Of SSL And TLS; Use Of Weak Password-Based Systems; Failing To Store And Protect Data Security; Information Leakage; Improper File Access; Trusting Network Name Resolution; Race Conditions; Unauthenticated Key Exchange; Cryptographically Strong Random Numbers; Poor Usability; Mapping The 19 Deadly Sins To The OWASP "Top Ten"; Summary Of Do's And Don'ts; Index
This book came out of a list developed by Homeland Security that declared that 95% of security issues in software came from 19 programming mistakes. What you read in these pages go into more detail about each of those issues, but in a very concise, practical, no-nonsense fashion. This is the type of information you'll need as a professional who needs to get a job done without wasting time on fluff and verbose writing. Each chapter covers one of the sins, and follows a standard format for the information.