24 Deadly Sins of Software Security Programming Flaws and How to Fix Them 1st Edition by Michael HOWARD ISBN 0071626751 9780071626750

24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them 1st Edition by Michael HOWARD – Ebook PDF Instant Download/Delivery. 0071626751, 978-0071626750
Full download 24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them 1st Edition after payment

 

Product details:

ISBN 10:       0071626751
ISBN 13: 978-0071626750
Author:         Michael HOWARD

Publisher’s Note: Products purchased from Third Party sellers are not guaranteed by the publisher for quality, authenticity, or access to any online entitlements included with the product.

Eradicate the Most Notorious Insecure Designs and Coding Vulnerabilities

Fully updated to cover the latest security issues, 24 Deadly Sins of Software Security reveals the most common design and coding errors and explains how to fix each one-or better yet, avoid them from the start. Michael Howard and David LeBlanc, who teach Microsoft employees and the world how to secure code, have partnered again with John Viega, who uncovered the original 19 deadly programming sins. They have completely revised the book to address the most recent vulnerabilities and have added five brand-new sins. This practical guide covers all platforms, languages, and types of applications. Eliminate these security flaws from your code:

• SQL injection
  
• Web server- and client-related vulnerabilities
• Use of magic URLs, predictable cookies, and hidden form fields
• Buffer overruns
• Format string problems
• Integer overflows
• C++ catastrophes
• Insecure exception handling
• Command injection
• Failure to handle errors
• Information leakage
• Race conditions
• Poor usability
• Not updating easily
• Executing code with too much privilege
• Failure to protect stored data
• Insecure mobile code
• Use of weak password-based systems
• Weak random numbers
• Using cryptography incorrectly
• Failing to protect network traffic
• Improper use of PKI
• Trusting network name resolution

24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them 1st Table of contents:

Part I: Web Application Sins

• Chapter 1: SQL Injection
  • Introduction to SQL Injection
  • Exploiting SQL Injection Vulnerabilities
  • Mitigation Techniques
  • Case Studies
  • Summary
• Chapter 2: Server-Side Cross-Site Scripting (XSS)
  • Understanding XSS on the Server-Side
  • How XSS Attacks Work
  • Defense Against XSS
  • Real-World Examples
  • Summary
• Chapter 3: Web-Client Related Vulnerabilities
  • Overview of Client-Side Vulnerabilities
  • JavaScript and HTML Vulnerabilities
  • Cross-Site Request Forgery (CSRF)
  • Best Practices for Client-Side Security
  • Summary

---

Part II: Implementation Sins

• Chapter 4: Use of Magic URLs
  • What are Magic URLs?
  • Risks and Consequences
  • Best Practices for URL Security
  • Example Attacks and Defenses
  • Summary
• Chapter 5: Buffer Overruns
  • Understanding Buffer Overflows
  • Exploiting Buffer Overruns
  • Prevention Techniques
  • Real-World Exploits and Defenses
  • Summary
• Chapter 6: Format String Problems
  • What are Format String Vulnerabilities?
  • How Format String Bugs are Exploited
  • Prevention and Mitigation
  • Example Attacks
  • Summary
• Chapter 7: Integer Overflows
  • Understanding Integer Overflows
  • Exploiting Integer Overflows
  • Techniques to Avoid Integer Overflow Issues
  • Examples and Case Studies
  • Summary
• Chapter 8: C++ Catastrophes
  • Common C++ Vulnerabilities
  • Memory Management Issues in C++
  • C++ Security Best Practices
  • Real-Life Examples
  • Summary
• Chapter 9: Catching All Exceptions
  • The Danger of Catching All Exceptions
  • Proper Exception Handling
  • Examples of Poor Exception Handling Practices
  • Best Practices for Error Handling
  • Summary
• Chapter 10: Command Injection
  • What is Command Injection?
  • Exploiting Command Injection Vulnerabilities
  • Preventing Command Injection
  • Example Attacks
  • Summary
• Chapter 11: Failure to Handle Errors
  • Importance of Error Handling in Secure Applications
  • Common Error Handling Mistakes
  • Techniques for Proper Error Handling
  • Real-Life Impact of Failure to Handle Errors
  • Summary
• Chapter 12: Information Leakage
  • What is Information Leakage?
  • Risks of Information Disclosure
  • Techniques for Preventing Information Leakage
  • Case Studies of Information Leakage
  • Summary
• Chapter 13: Race Conditions
  • Understanding Race Conditions
  • Exploiting Race Conditions
  • Preventing Race Conditions
  • Real-World Race Condition Exploits
  • Summary
• Chapter 14: Poor Usability
  • Security and Usability Trade-offs
  • Common Usability Pitfalls in Security
  • Balancing Usability with Security
  • Best Practices
  • Summary
• Chapter 15: Not Updating Easily
  • Risks of Outdated Software
  • The Importance of Software Updates
  • Techniques for Making Updates Easier
  • Real-World Examples
  • Summary

---

Part III: Cryptographic Sins

• Chapter 16: Not Using Least Privileges
  • Principle of Least Privilege in Cryptography
  • Implementing Least Privileges in Systems
  • Case Studies
  • Summary
• Chapter 17: Weak Password Systems
  • Understanding Weak Passwords
  • Common Password Attack Methods
  • Best Practices for Secure Password Management
  • Examples of Weak Password Systems
  • Summary
• Chapter 18: Unauthenticated Key Exchange
  • What is Key Exchange?
  • Risks of Unauthenticated Key Exchange
  • Secure Key Exchange Techniques
  • Examples and Defenses
  • Summary
• Chapter 19: Random Numbers
  • Importance of Randomness in Cryptography
  • Issues with Poor Random Number Generators
  • Best Practices for Generating Secure Random Numbers
  • Summary

---

Part IV: Networking Sins

• Chapter 20: Wrong Algorithm
  • The Importance of Correct Algorithms
  • Consequences of Using the Wrong Algorithm
  • Best Practices for Algorithm Selection
  • Examples and Case Studies
  • Summary
• Chapter 21: Failure to Protect Network Traffic
  • Risks of Unprotected Network Traffic
  • Encryption Techniques for Protecting Traffic
  • Real-Life Network Traffic Attacks
  • Summary
• Chapter 22: Trusting Name Resolution
  • Risks of Trusting DNS and Other Name Resolutions
  • Securing Name Resolution Services
  • Examples of Attacks on Name Resolution
  • Summary

---

Part V: Stored Data Sins

• Chapter 23: Improper Use of SSL/TLS
  • SSL/TLS Fundamentals
  • Common SSL/TLS Misconfigurations
  • Best Practices for Secure SSL/TLS Use
  • Case Studies
  • Summary
• Chapter 24: Failure to Protect Stored Data
  • Risks of Storing Sensitive Data Insecurely
  • Techniques for Protecting Stored Data
  • Encryption and Data Storage Best Practices
  • Examples of Data Breaches and Failures
  • Summary

People also search for 24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them 1st:

24 deadly sins of software security pdf
sonic deadly six redesign
19 deadly sins of software security
deadly 6 sonic
7 deadly sins of social media