eBooks-it.org Logo
eBooks-IT.org Inner Image

Secure Coding

Principles and Practices

Secure Coding Image

Book Details:

Publisher:O'Reilly Media
Series: OReilly , Principles
Author:Mark Graff
Edition:1
ISBN-10:0596002424
ISBN-13:9780596002428
Pages:200
Published:Jul 01 2003
Posted:Nov 19 2014
Language:English
Book format:CHM
Book size:0.63 MB

Book Description:

Practically every day, we read about a new type of attack on computer systems and networks. Viruses, worms, denials of service, and password sniffers are attacking all types of systems -- from banks to major e-commerce sites to seemingly impregnable government and military computers --at an alarming rate.Despite their myriad manifestations and different targets, nearly all attacks have one fundamental cause: the code used to run far too many systems today is not secure. Flaws in its design, implementation, testing, and operations allow attackers all-too-easy access.Secure Coding, by Mark G. Graff and Ken vanWyk, looks at the problem of bad code in a new way. Packed with advice based on the authors' decades of experience in the computer security field, this concise and highly readable book explains why so much code today is filled with vulnerabilities, and tells readers what they must do to avoid writing code that can be exploited by attackers. Writing secure code isn't easy, and there are no quick fixes to bad code. To build code that repels attack, readers need to be vigilant through each stage of the entire code lifecycle:Architecture: during this stage, applying security principles such as "least privilege" will help limit even the impact of successful attempts to subvert software. Design: during this stage, designers must determine how programs will behave when confronted with fatally flawed input data. The book also offers advice about performing security retrofitting when you don't have the source code -- ways of protecting software from being exploited even if bugs can't be fixed. Implementation: during this stage, programmers must sanitize all program input (the character streams representing a programs' entire interface with its environment -- not just the command lines and environment variables that are the focus of most security analysis). Testing: during this stage, programs must be checked using both static code checkers and runtime testing methods -- for example, the fault injection systems now available to check for the presence of such flaws as buffer overflow. Operations: during this stage, patch updates must be installed in a timely fashion. In early 2003, sites that had diligently applied Microsoft SQL Server updates were spared the impact of the Slammer worm that did serious damage to thousands of systems. Beyond the technical, Secure Coding sheds new light on the economic, psychological, and sheer practical reasons why security vulnerabilities are so ubiquitous today. It presents a new way of thinking about these vulnerabilities and ways that developers can compensate for the factors that have produced such unsecured software in the past. It issues a challenge to all those concerned about computer security to finally make a commitment to building code the right way.

Download Link:

Related Books:

Secure Coding in C and C++

Secure Coding in C and C++ Image
2nd Edition
Learn the Root Causes of Software Vulnerabilities and How to Avoid Them Commonly exploited software vulnerabilities are usually caused by avoidable software defects. Having analyzed tens of thousands of vulnerability reports since 1988, CERT has determined that a relatively small number of root causes account for most of the vulnerabilities. Secure Coding in C and C, Second Edition, identifies and explains these root causes and shows the steps that can be taken to prevent exploitation. Moreover, this book encourages programmers to adopt security best practices and to develop a security mindset that can help protect software from tomorrow';s attacks, ...

Java Coding Guidelines

75 Recommendations for Reliable and Secure Programs
Java Coding Guidelines Image
'A must-read for all Java developers. . . . Every developer has a responsibility to author code that is free of significant security vulnerabilities. This book provides realistic guidance to help Java developers implement desired functionality with security, reliability, and maintainability goals in mind.' Mary Ann Davidson, Chief Security Officer, Oracle Corporation Organizations worldwide rely on Java code to perform mission-critical tasks, and therefore that code must be reliable, robust, fast, maintainable, and secure. Java Coding Guidelines brings together expert guidelines, recommendations, and code examples to help you meet these demands. Written by the same team that brought you The CERT Oracle Secure Coding Standard for Java, this...

Engineering Secure Two-Party Computation Protocols

Design, Optimization and Applications of Efficient Secure Function Evaluation
Engineering Secure Two-Party Computation Protocols Image
Secure two-party computation, called secure function evaluation (SFE), enables two mutually mistrusting parties, the client and server, to evaluate an arbitrary function on their respective private inputs while revealing nothing but the result. Originally the technique was considered to be too inefficient for practical privacy-preserving applications, but in recent years rapid speed-up in computers and communication networks, algorithmic improvements, automatic generation, and optimizations have enabled their application in many scenarios.The author offers an extensive overview of the most practical and efficient modern techniques used in the design and implementation of secure computation and related protocols. After an introduction that sets secure...



2007 - 2021 © eBooks-IT.org