Robert Hurlbut Blog

Thoughts on Software Security, Software Architecture, Software Development, and Agility

Book: The 19 Deadly Sins of Software Security

Tuesday, July 12, 2005 Comments

 .NET   Books   Personal   Security 
Share:   Share on LinkedIn    Share on Twitter    Share on Google+    Share on Facebook   

[By way of Dana Epp]

Tonight Michael Howard ... told the world about a new book that he, David LeBlanc and John Viega have finished writing called "The 19 Deadly Sins of Software Security".

The book is carved up into 19 chapters, or Sins, and each is only 10-15pp long. The Sins are:

  1. Buffer Overflows
  2. Format String problems
  3. SQL injection
  4. Command injection
  5. Failure to handle errors
  6. Cross-site scripting
  7. Failing to protect network traffic
  8. Use of "magic" URLs and hidden forms
  9. Improper use of SSL
  10. Use of weak password-based systems
  11. Failing to store and protect data
  12. Information leakage
  13. Improper file access
  14. Integer range errors
  15. Trusting network address information
  16. Signal race conditions
  17. Unauthenticated key exchange
  18. Failing to use cryptographically strong random numbers
  19. Poor usability

This looks to be very good, and I look forward to getting this. If you are wise (i.e. want to be proactive in developing secure code), you will too!

Share:   Share on LinkedIn    Share on Twitter    Share on Google+    Share on Facebook