John Viega – författare

Publisher's Note: Products purchased from Third Party sellers are not guaranteed by the publisher for quality, authenticity, or access to any online entitlements included with the product.

Eradicate the Most Notorious Insecure Designs and Coding Vulnerabilities

Fully updated to cover the latest security issues, 24 Deadly Sins of Software Security reveals the most common design and coding errors and explains how to fix each one-or better yet, avoid them from the start. Michael Howard and David LeBlanc, who teach Microsoft employees and the world how to secure code, have partnered again with John Viega, who uncovered the original 19 deadly programming sins. They have completely revised the book to address the most recent vulnerabilities and have added five brand-new sins. This practical guide covers all platforms, languages, and types of applications. Eliminate these security flaws from your code:

SQL injection Web server- and client-related vulnerabilitiesUse of magic URLs, predictable cookies, and hidden form fieldsBuffer overrunsFormat string problemsInteger overflowsC++ catastrophesInsecure exception handlingCommand injectionFailure to handle errorsInformation leakageRace conditionsPoor usabilityNot updating easilyExecuting code with too much privilegeFailure to protect stored dataInsecure mobile codeUse of weak password-based systemsWeak random numbersUsing cryptography incorrectlyFailing to protect network trafficImproper use of PKITrusting network name resolution

Password sniffing, spoofing, buffer overflows, and denial of service: these are only a few of the attacks on today's computer systems and networks. At the root of this epidemic is poorly written, poorly tested, and insecure code that puts everyone at risk. Clearly, today's developers need help figuring out how to write code that attackers won't be able to exploit. But writing such code is surprisingly difficult. Secure Programming Cookbook for C and C++ is an important new resource for developers serious about writing secure code. It contains a wealth of solutions to problems faced by those who care about the security of their applications. It covers a wide range of topics, including safe initialization, access control, input validation, symmetric and public key cryptography, cryptographic hashes and MACs, authentication and key exchange, PKI, random numbers, and anti-tampering. The rich set of code samples provided in the book's more than 200 recipes will help programmers secure the C and C++ programs they write for both Unix(r) (including Linux(r)) and Windows(r) environments.Readers will learn: * How to avoid common programming errors, such as buffer overflows, race conditions, and format string problems * How to properly SSL-enable applications * How to create secure channels for client-server communication without SSL * How to integrate Public Key Infrastructure (PKI) into applications * Best practices for using cryptography properly * Techniques and strategies for properly validating input to programs * How to launch programs securely * How to use file access mechanisms properly * Techniques for protecting applications from reverse engineering The book's web site supplements the book by providing a place to post new recipes, including those written in additional languages like Perl, Java, and Python. Monthly prizes will reward the best recipes submitted by readers. Secure Programming Cookbook for C and C++ is destined to become an essential part of any developer's library, a code companion developers will turn to again and again as they seek to protect their systems from attackers and reduce the risks they face in today's dangerous world.