Writing Secure Code

Front Cover
Pearson Education, Dec 4, 2002 - Computers - 800 pages

Keep black-hat hackers at bay with the tips and techniques in this entertaining, eye-opening book! Developers will learn how to padlock their applications throughout the entire development process—from designing secure applications to writing robust code that can withstand repeated attacks to testing applications for security flaws. Easily digested chapters reveal proven principles, strategies, and coding techniques. The authors—two battle-scarred veterans who have solved some of the industry’s toughest security problems—provide sample code in several languages. This edition includes updated information about threat modeling, designing a security process, international issues, file-system issues, adding privacy to applications, and performing security code reviews. It also includes enhanced coverage of buffer overruns, Microsoft .NET security, and Microsoft ActiveX development, plus practical checklists for developers, testers, and program managers.

 

Contents

Part II Secure Coding Techniques
125
Part III Even More Secure Coding Techniques
453
Part IV Special Topics
565
Part V Appendixes
711
Annotated Bibliography
741
Index
747
Copyright

Other editions - View all

Writing Secure Code
Michael Howard,David LeBlanc
Limited preview - 2003
Writing Secure Code
Michael Howard,David LeBlanc
Snippet view - 2003
Writing Secure Code
Michael Howard,David LeBlanc
Snippet view - 2003
View all »

Common terms and phrases

2000 and later access control access control list ActiveX administrator allow application attacker authentication buffer overrun bytes chapter char characters client configuration create cross-site scripting DACL database DCOM default determine developers DPAPI DWORD encryption error example exploit fail feature filename firewall function GetLastError handle hash Here’s input interface IP address IPSec issues look managed code memory Microsoft Windows mitigate named pipes NULL object operating system option packet password perform Perl permissions plaintext problem protect protocol random regular expression request require sample script secret data security bugs socket specific SSL/TLS strcpy string template threat model tion token trust Unicode untrusted user’s valid void vulnerability Windows NET Server Windows NT Windows XP write

About the author (2002)

David LeBlanc, Ph.D., is a founding member of the Trustworthy Computing Initiative at Microsoft. He has been developing solutions for computing security issues since 1992 and has created award-winning tools for assessing network security and uncovering security vulnerabilities. David is a senior developer in the Microsoft Office Trustworthy Computing group.

Bibliographic information

TitleWriting Secure Code
Developer Best Practices
AuthorsDavid LeBlanc, Michael Howard
Edition2
PublisherPearson Education, 2002
ISBN0735637407, 9780735637405
Length800 pages
Subjects ›  › 

Computers / Software Development & Engineering / General
  
Export CitationBiBTeX EndNote RefMan