
24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them



Price: $61.00 - $41.96
(as of Oct 17, 2024 17:57:49 UTC)


Publisher’s Note: Products purchased from Third Party sellers are not guaranteed by the publisher for quality, authenticity, or access to any online entitlements included with the product.


Eradicate the Most Notorious Insecure Designs and Coding Vulnerabilities

Fully updated to cover the latest security issues, 24 Deadly Sins of Software Security reveals the most common design and coding errors and explains how to fix each one, or better yet, avoid them from the start. Michael Howard and David LeBlanc, who teach Microsoft employees and the world how to secure code, have partnered again with John Viega, who uncovered the original 19 deadly programming sins. They have completely revised the book to address the most recent vulnerabilities and have added five brand-new sins. This practical guide covers all platforms, languages, and types of applications. Eliminate these security flaws from your code:

SQL injection
Web server- and client-related vulnerabilities
Use of magic URLs, predictable cookies, and hidden form fields
Buffer overruns
Format string problems
Integer overflows
C++ catastrophes
Insecure exception handling
Command injection
Failure to handle errors
Information leakage
Race conditions
Poor usability
Not updating easily
Executing code with too much privilege
Failure to protect stored data
Insecure mobile code
Use of weak password-based systems
Weak random numbers
Using cryptography incorrectly
Failing to protect network traffic
Improper use of PKI
Trusting network name resolution


Publisher: Osborne/McGraw-Hill; 1st edition (October 16, 2009)
Language: English
Paperback: 432 pages
ISBN-10: 0071626751
ISBN-13: 978-0071626750
Item Weight: 2.31 pounds
Dimensions: 7.4 x 0.87 x 9.09 inches

Customers say

Customers find the book’s information quality great, useful, and an excellent resource for software professionals. They also say it’s readable and well-written.

AI-generated from the text of customer reviews

11 reviews for 24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them

  1. Codemonkey

    Great overview of the topic
    Originally stumbled across a copy of 19 Deadly Sins in a half price bookstore and found myself thoroughly engrossed. When I discovered there was a second edition with even more information, I was all over it.

    Software Security is a topic that all too often gets overlooked in the development process. That does a disservice to the client, the product, the developer and the company and not just for the obvious reasons. You see the same thought processes and practices which are required to build secure software also result in cleaner, less buggy, higher quality code. Wins all round.

    This book covers multiple common types of security vulnerability, explaining what, why and how and giving examples of the problems and ways to mitigate / avoid them in multiple languages. More importantly, it gets you thinking about these important issues and about the quality of your code in general.

    The book can be read cover to cover or you can cherry-pick the section(s) that are relevant (or which simply catch your interest) at any given time. Personally I prefer the latter as I absorb information better when I am particularly interested in the topic at hand.

    This book has something for every software engineer, no matter what you work on. Highly recommended food for thought. 🙂
  2. Mike

    24 Deadly Sins of Software Security
    24 Deadly Sins carries on in the great tradition of the original 19 Deadly Sins but has expanded to cover problems that have developed since then as well as added coverage for more programming languages. It serves as a great introduction to the most common problems in software development that lead to security issues without getting bogged down in the weeds on any of them. It does not go into a great deal of detail so if that is what you are looking for this isn’t the book you want but it does do what it sets out to do.

    The organization of the book lends itself to a straight read through and as a jump around reference to cover the problems you need to look at when you need to look at them. Most chapters stand alone quite well and most references to other chapters are about closely related sins. It describes the basics of the problem, goes into more detail and helps you try to spot the problem in various languages. It covers some of the ways you can avoid the problems and provides additional remediation if available.

    The book lends itself to being a decent text book on software security problems and its basic structure is not a bad approach to an introduction to the topic. I’ve been teaching an introduction to secure development class for a couple of years that was mostly based on the original book and I’m finishing updating that to the new 24 Deadly Sins breakdown.
  3. Customer Greg

    Very useful for developers
    This book is an excellent resource for any software professional. As massive data breaches and security vulnerabilities continue to fill the news, I began to wonder what I should be looking for in my own code to make it more secure. This book meets that need by summarizing the major risks in software security in a readable, to-the-point manner. Each risk is described, and then followed with code samples (in a variety of languages relevant to the flaw, including C, C++, Java, Perl, Ruby, Python, C#, and others), testing techniques, remediation steps, and additional references. If you’re looking for a great reference to quickly bring you up to speed on the major software security flaws and how to handle them, this is it.
  4. W. Conklin

    Great Summarization
    This book is the update to the 19 Deadly Sins, and does a tremendous job summarizing the information needed to understand the types of errors prevalent in software today. This is not a book with all the details behind the causes, fixes, etc. For those details, I would refer my students (and do) to Michael’s other great book “Writing Secure Code, Second Edition”. And for process related material, “The Security Development Lifecycle”.

    Howard is the real deal, a straight shooter and known for telling it like it is. This book is no different – no fluff, no extraneous material, just the stuff every project manager of a software development effort should know, so they know what to ask of their team.
  5. Fernando Pompeo Amatte

    For developers
    If you are a developer, no matter the language you use, you should consider this book. It made clear where the problems are and how to correct them. You don’t need to be a security expert to do things in a secure way.
  6. Nyhq Kee

    Great reference
    Great book. Easy to read.
  7. Jose A. Villegas

    Excellent book!!!
    The authors definitely know about software vulnerabilities due mostly in part by mistakes made during software development and coding processes. Their recommendations are very effective and I am very satisfied with my purchase.
  8. Jack

    Great Quality
    Ordered 4 of these, 100% satisfied with the books. They shipped it in sealed plastic bags.
  9. Tommy S.

    A great book on software security, although some chapters seem to fill pages instead of transporting knowledge. Still a great book to read!
  10. Pedro Gonçalo Pinto Domingues

    This book is VERY good, I mean, VERY GOOD! It goes straight to the point, it shows the weaknesses, then explains them, then shows you tons of solutions that you can use right away out of the box. It is very easy and fast to read, so it’s a good book when you’re with shortage of time!
  11. Peter

    I bought this book on the basis of its good reviews, and on the whole I am glad that I did, although as I read through it I wasn’t always so sure. I found it a frustrating read in some places.

    It is clear that the authors have a bias towards high-level programming. They assume that the reader is familiar with web-site programming techniques, but provide a detailed description of how a stack works. My background is embedded assembly, C and occasionally C++. As a result I know how a stack works, but would have welcomed more detail in the concepts behind the web application sins.

    The cryptographic sins left me feeling that the authors were trying too hard to fit such a broad topic into their preferred format. The subject is worthy of a book in its own right. As an example, the authors equated stream ciphers with RC4 and because RC4 is no longer considered secure they recommended avoiding stream ciphers altogether. A more detailed discussion might have considered how block-cipher modes can be used to implement stream ciphers, and how stream ciphers should always be used with effective integrity mechanisms.

    Nevertheless the book is now in my reference library and I know I will refer to it in the future. On a number of occasions I came across insights that made me sure that buying and reading it was a good investment.
