19 Deadly Sins of Software Security

Have a Promotion Code?

Please enter it here:

About special promotions

Sign Up to Stay Informed

Learn about new books, special offers, discounts and promotions in your field of interest.

SIGN UP TODAY

Recently Viewed

Schaum's Outline of Logic
John Nolt, Dennis Rohatyn, Achille Varzi
$18.95

The Birth of Plenty
William Bernstein
$29.95

Schaum's Outline Of Statics and Mechanics of Materials
William Nash
$16.95



By

Michael Howard, David LeBlanc, John Viega

Date

July 26, 2005

Format

Paperback, 304 pages

ISBN

0072260858 / 9780072260854


Edition Number
1

Language
English

Audience
College/higher education

Imprint
McGraw-Hill Osborne Media

Publisher
McGraw-Hill

Country
United States

Copyright
2006

Dimensions
7.4 in Width x 0.59 in Thick

Weight
2.545 lb

DOI
10.1036/0072260858

Add to cart Save for later

Your Price

$45.00



Overview

This essential book for all software developers--regardless of platform, language, or type of application--outlines the “19 deadly sins” of software security and shows how to fix each one. Best-selling authors Michael Howard and David LeBlanc, who teach Microsoft employees how to secure code, have partnered with John Viega, the man who uncovered the 19 deadly programming sins to write this much-needed book. Coverage includes:

  • Windows, UNIX, Linux, and Mac OS X
  • C, C++, C#, Java, PHP, Perl, and Visual Basic
  • Web, small client, and smart-client applications

Biographical note

Michael Howard is a senior security program manager in the security engineering group at Microsoft Corporation, and a co-author of the award-winning Writing Secure Code. He is a co-author of Basic Training in IEEE Security and Privacy Magazine and a co-author of the National Cyber Security Task Force “Processes to produce Secure Software” document for the Department of Homeland Security. As an author of the Security Development Lifecycle, Michael spends most of his time is spent defining and enforcing security best practice and software development process improvements to deliver more secure software to normal humans.

David LeBlanc, Ph.D., is currently Chief Software Architect for Webroot Software. Prior to joining Webroot, he served as security architect for Microsoft's Office division, was a founding member of the Trustworthy Computing Initiative, and worked as a white-hat hacker in Microsoft's network security group. David is also co-author of Writing Secure Code and Assessing Network Security, as well as numerous articles. On good days, he'll be found riding the trails on his horse with his wife, Jennifer.

John Viega discovered the 19 deadly programming flaws that received such press and media attention, and this book is based on his discovery. He is the Founder and Chief Scientist of Secure Software(www.securesoftware.com), is a well-known security expert, and coauthor of Building Secure Software (Addison-Wesley), Network Security with OpenSSL (O'Reilly) an Adjuct Professor of Computer Science at Virginia Tech (Blacksburg, VA) and Senior Policy Researcher at the Cyberspace Policy Institute, and he serves on the Technical Advisory Board for the Open Web Applications Security Project.
He also founded a Washington, D.C. area security interest group that conducts monthly lectures presented by leading experts in the field. John is responsible for numerous software security tools, and is the original author of Mailman, the GNU mailing list manager. He holds a B.A. and M.S. in Computer Science from the University of Virginia. He is the author or coauthor of nearly 80 technical publications, including numerous refered research papers and trade articles. He is coauthor of Building Secure Software, Network Security and Cryptography with OpenSSL and The Secure Programming Cookbook for C and C++.

Back cover copy

“Ninety-five percent of software bugs are caused by the same 19 programming flaws.” —Amit Yoran, Former Director of The Department of Homeland Security’s National Cyber Security Division

Secure your software by eliminating code vulnerabilities from the start. This essential book for all software developers--regardless of platform, language, and type of application--outlines the 19 sins of software security and shows how to fix each one. Best-selling authors Michael Howard and David LeBlanc, who teach Microsoft employees how to write secure code, have partnered with John Viega, the man who uncovered the 19 deadly programming sins to write this hands-on guide. Detailed code examples throughout show the code defects as well as the fixes and defenses. If you write code, you need this book. Eliminate these security flaws from your code:

Buffer overruns
Format string problems
Integer overflows
SQL injection
Command injection
Failure to handle errors
Cross-site scripting
Failure to protect network traffic
Use of magic URLs and hidden forms
Improper use of SSL
Use of weak password-based systems
Failure to store and protect data securely
Information leakage
Trusting network address resolution
Improper file access
Race conditions
Unauthenticated key exchange
Failure to use cryptographically strong random numbers
Poor usability

Michael Howard, CISSP, is an architect of the security process changes at Microsoft and a co-author of Processes to Produce Secure Software published by the Department of Homeland Security’s National Cyber Security Division. He is a Senior Security Program Manager in the Security Engineering Group at Microsoft Corporation and co-author of Writing Secure Code (Microsoft Press).

David LeBlanc, Ph.D., is Chief Software Architect for Webroot Software, and was formerly Security Architect in the Office group at Microsoft. He is co-author of Writing Secure Code.

John Viega is the CTO of Secure Software. He first defined the 19 deadly sins of software security for the Department of Homeland Security. He is co-author of many security books including Building Secure Software (Addison-Wesley).




Copyright © 2006 - 2009 The McGraw-Hill Companies. All rights reserved. Any use is subject to the Terms of Use and Privacy Notice