24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them (Paperback)

Michael Howard, David LeBlanc, John Viega

  • 出版商: McGraw-Hill Education
  • 出版日期: 2009-09-24
  • 售價: $2,460
  • 貴賓價: 9.5$2,337
  • 語言: 英文
  • 頁數: 432
  • 裝訂: Paperback
  • ISBN: 0071626751
  • ISBN-13: 9780071626750
  • 相關分類: Amazon Web Services資訊安全
  • 海外代購書籍(需單獨結帳)

買這商品的人也買了...

相關主題

商品描述

"What makes this book so important is that it reflects the experiences of two of the industry's most experienced hands at getting real-world engineers to understand just what they're being asked for when they're asked to write secure code. The book reflects Michael Howard's and David LeBlanc's experience in the trenches working with developers years after code was long since shipped, informing them of problems." --From the Foreword by Dan Kaminsky, Director of Penetration Testing, IOActive

Eradicate the Most Notorious Insecure Designs and Coding Vulnerabilities

Fully updated to cover the latest security issues, 24 Deadly Sins of Software Security reveals the most common design and coding errors and explains how to fix each one-or better yet, avoid them from the start. Michael Howard and David LeBlanc, who teach Microsoft employees and the world how to secure code, have partnered again with John Viega, who uncovered the original 19 deadly programming sins. They have completely revised the book to address the most recent vulnerabilities and have added five brand-new sins. This practical guide covers all platforms, languages, and types of applications. Eliminate these security flaws from your code:

  • SQL injection
  • Web server- and client-related vulnerabilities
  • Use of magic URLs, predictable cookies, and hidden form fields
  • Buffer overruns
  • Format string problems
  • Integer overflows
  • C++ catastrophes
  • Insecure exception handling
  • Command injection
  • Failure to handle errors
  • Information leakage
  • Race conditions
  • Poor usability
  • Not updating easily
  • Executing code with too much privilege
  • Failure to protect stored data
  • Insecure mobile code
  • Use of weak password-based systems
  • Weak random numbers
  • Using cryptography incorrectly
  • Failing to protect network traffic
  • Improper use of PKI
  • Trusting network name resolution

商品描述(中文翻譯)

「這本書之所以重要,是因為它反映了兩位業界最有經驗的專家如何讓實際工程師理解當他們被要求編寫安全代碼時,他們到底被要求做什麼。這本書反映了Michael Howard和David LeBlanc在與開發人員合作多年後,告知他們問題的實戰經驗。」——來自IOActive滲透測試主管Dan Kaminsky的前言

「消除最臭名昭著的不安全設計和編碼漏洞」

全面更新以涵蓋最新的安全問題,《24 Deadly Sins of Software Security》揭示了最常見的設計和編碼錯誤,並解釋了如何修復每一個錯誤,或更好地從一開始避免它們。教導微軟員工和全球如何保護代碼的Michael Howard和David LeBlanc再次與揭示原始19個致命編程罪的John Viega合作,他們完全修訂了這本書以應對最新的漏洞,並新增了五個全新的罪行。這本實用指南涵蓋了所有平台、語言和應用類型。從您的代碼中消除這些安全缺陷:

- SQL注入
- Web服務器和客戶端相關漏洞
- 使用魔術URL、可預測的Cookie和隱藏表單字段
- 緩衝區溢出
- 格式化字符串問題
- 整數溢出
- C++災難
- 不安全的異常處理
- 命令注入
- 未處理錯誤
- 信息泄露
- 競態條件
- 低可用性
- 不易更新
- 以過高權限執行代碼
- 未保護存儲數據
- 不安全的移動代碼
- 使用弱基於密碼的系統
- 弱隨機數
- 不正確使用加密
- 未保護網絡流量
- 不正確使用PKI
- 信任網絡名稱解析」