Features
- Cover Type: Paperback with 354 pages
- Published by: Charles River Media
- Edition: 1st Edition June 3, 2005
- Written in: English
- ISBN 10 Number: 1584503580
- ISBN 13 Number: 978-1584503583
- Book Dimensions: 9.1 x 7.3 x 1.1 inches
- Weighs: 1.7 pounds
Product Description
In today's market, secure software is a must for consumers. Many developers, however, are not familiar with the techniques needed to produce secure code or detect existing vulnerabilities. The Software Vulnerability Guide helps developers and testers better understand the underlying security flaws in software and provides an easy-to-use reference for security bugs. Most of these bugs (and the viruses, worms, and exploits that derive from them) start out as programmer mistakes. With this guide, professional programmers and testers will learn how to find, fix, and prevent these vulnerabilities before their software reaches the market. Detailed explanations and examples are provided for each of the vulnerabilities, as well as a summary sheet that can be referenced quickly. Tools that make it easier to recognize and prevent vulnerabilities are also explored, and source code snippets, commentary, and techniques are provided in easy-to-read sidebars. This guide is a must-have for today's software developers.
About The Author
Herbert Thomas is the Director of Security Technology at Security Innovation LLC and serves on the graduate faculty of the Florida Institute of Technology. He is the co-author of How to Break Software Security: Effective Techniques for Security Testing and is a frequent speaker at industry conferences. Scott Chase is a Security Architect at SI Government Solutions, where he manages key research projects for the US government. He has also worked as a university researcher in information security and as a software tester in industry.
Reader Reviews
Every month, hundreds of security vulnerabilities and warnings are announced. Although they cover a wide set of products and programs, the underlying reason for them is generally the same: insecurely written software. When software is written in insecure code (which includes most software programs written today), serious security flaws are inevitable. The Software Vulnerability Guide was written to help software developers acquire the methods necessary to write secure code and find existing problems in current software. After making a persuasive case for secure code in part one, the book progresses into the areas that are crucial to writing secure software. Part two of the book covers system-level attacks and details important topics such as passwords, scripts and macros, and dynamic linking and loading (DLL). Part three plunges into attacks on the software, exploring heady concepts such as buffer overflows, format-string vulnerabilities, and integer overflow vulnerabilities. Most of these attacks have been known for decades but are only receiving wide-scale attention now. Further chapters delve into securing data and Web servers. For each of the vulnerabilities mentioned, the authors describe how they occur and how to prevent them. An enclosed CD-ROM contains software examples described in the text, plus various open-source security software testing tools, including Ethereal, Nessus, and Nmap. Any business serious about writing secure software should ensure that all of its code writers receive a copy of this book.