[By way of Dana Epp]
Tonight Michael Howard ... told the world about a new book that he, David LeBlanc and John Viega have finished writing called "The 19 Deadly Sins of Software Security".
The book is carved up into 19 chapters, or Sins, and each is only 10-15 pages long. The Sins are:
- Buffer Overflows
- Format String problems
- SQL injection
- Command injection
- Failure to handle errors
- Cross-site scripting
- Failing to protect network traffic
- Use of "magic" URLs and hidden forms
- Improper use of SSL
- Use of weak password-based systems
- Failing to store and protect data
- Information leakage
- Improper file access
- Integer range errors
- Trusting network address information
- Signal race conditions
- Unauthenticated key exchange
- Failing to use cryptographically strong random numbers
- Poor usability
This looks to be very good, and I look forward to getting this. If you are wise (i.e. want to be proactive in developing secure code), you will too!