Cantitate/Preț
Produs

24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them

Autor Michael Howard, David LeBlanc, John Viega
en Limba Engleză Paperback – 16 oct 2009
Publisher's Note: Products purchased from Third Party sellers are not guaranteed by the publisher for quality, authenticity, or access to any online entitlements included with the product.


Eradicate the Most Notorious Insecure Designs and Coding Vulnerabilities
Fully updated to cover the latest security issues, 24 Deadly Sins of Software Security reveals the most common design and coding errors and explains how to fix each one-or better yet, avoid them from the start. Michael Howard and David LeBlanc, who teach Microsoft employees and the world how to secure code, have partnered again with John Viega, who uncovered the original 19 deadly programming sins. They have completely revised the book to address the most recent vulnerabilities and have added five brand-new sins. This practical guide covers all platforms, languages, and types of applications. Eliminate these security flaws from your code:
  • SQL injection
  • Web server- and client-related vulnerabilities
  • Use of magic URLs, predictable cookies, and hidden form fields
  • Buffer overruns
  • Format string problems
  • Integer overflows
  • C++ catastrophes
  • Insecure exception handling
  • Command injection
  • Failure to handle errors
  • Information leakage
  • Race conditions
  • Poor usability
  • Not updating easily
  • Executing code with too much privilege
  • Failure to protect stored data
  • Insecure mobile code
  • Use of weak password-based systems
  • Weak random numbers
  • Using cryptography incorrectly
  • Failing to protect network traffic
  • Improper use of PKI
  • Trusting network name resolution
Citește tot Restrânge

Preț: 29818 lei

Preț vechi: 37272 lei
-20%

Puncte Express: 447

Preț estimativ în valută:
5713 6188$ 4899£

Carte disponibilă

Livrare economică 19 aprilie-03 mai
Livrare express 04-10 aprilie pentru 4128 lei

Preluare comenzi: 021 569.72.76

Specificații

ISBN-13: 9780071626750
ISBN-10: 0071626751
Pagini: 432
Dimensiuni: 188 x 234 x 23 mm
Greutate: 0.77 kg
Editura: McGraw Hill Education
Colecția McGraw-Hill
Locul publicării:United States

Cuprins

Part I: Web Application Sins; Chapter 1: SQL Injection; Chapter 2: Server Side Cross-Site Scripting; Chapter 3: Web-Client Related Vulnerabilities; Part II: Implementation Sins; Chapter 4: Use of Magic URLs
Chapter 5: Buffer Overruns; Chapter 6: Format String Problems; Chapter 7: Integer Overflows; Chapter 8: C++ Catastrophes; Chapter 9: Catching All Exceptions; Chapter 10: Command Injection; Chapter 11: Failure to Handle Errors; Chapter 12: Information Leakage; Chapter 13: Race Conditions; Chapter 14: Poor Usability; Chapter 15: Not Updating Easily; Part III: Cryptographic Sins; Chapter 16: Not Using Least Priveleges; Chapter 17: Weak Password Systems; Chapter 18: Unauthenticated Key Exchange; Chapter 19: Random Numbers;Part IV: Networking Sins;Chapter 20: Wrong Algorithm; Chapter 21: Failure to Protect Network Traffic; Chapter 22: Trusting Name Resolution; Part V: Stored Data Sins; Chapter 23: Improper Use of SSL/TLS; Chapter 24: Failure to Protect Stored Data

Notă biografică

MICHAEL HOWARD PRINCIPAL CYBERSECURITY ARCHITECT MICROSOFT PUBLIC SECTOR SERVICESMichael Howard is a principal cybersecurity architect in the Public Sector Services group. Prior to that, he was a principal security program manager on the Trustworthy Computing (TwC) Groups Security Engineering team at Microsoft, where he was responsible for managing secure design, programming, and testing techniques across the company.Howard is an architect of the Security Development Lifecycle (SDL), a process for improving the security of Microsofts software. Howard began his career with Microsoft in 1992 at the companys New Zealand office, working for the first two years with Windows and compilers on the Product Support Services team, and then with Microsoft Consulting Services, where he provided security infrastructure support to customers and assisted in the design of custom solutions and development of software. In 1997, Howard moved to the United States to work for the Windows division on Internet Information Services, Microsofts next-generation web server, before moving to his current role in 2000. Howard is an editor of IEEE Security & Privacy, a frequent speaker at security-related conferences and he regularly publishes articles on secure coding and design, Howard is the co-author of six security books, including the award-winning Writing Secure Code, 19 Deadly Sins of Software Security, The Security Development Lifecycle, Writing Secure Code for Windows Vista and his most recent release 24 Deadly Sins of Software Security.