July 11, 2005

The 19 Deadly Sins of Software Security

Ahhhhh... it was time for me to read a new software security book, and I was just thinking about what to read next. Tonight Michael Howard helped me out and told the world about a new book that he, David LeBlanc and John Viega have finished writing: "The 19 Deadly Sins of Software Security".

The book is carved up into 19 chapters, or Sins, each only 10-15 pages long. The Sins are:

  1. Buffer Overflows
  2. Format String problems
  3. SQL injection
  4. Command injection
  5. Failure to handle errors
  6. Cross-site scripting
  7. Failing to protect network traffic
  8. Use of "magic" URLs and hidden forms
  9. Improper use of SSL
  10. Use of weak password-based systems
  11. Failing to store and protect data
  12. Information leakage
  13. Improper file access
  14. Integer range errors
  15. Trusting network address information
  16. Signal race conditions
  17. Unauthenticated key exchange
  18. Failing to use cryptographically strong random numbers
  19. Poor usability

These three guys have contributed to some of my favorite writings. I look forward to getting my hands on a copy.

Posted by SilverStr at July 11, 2005 10:42 PM
Comments

I've been scouring the net searching all over for a solution to a problem I'm having. I'm wondering if there is a way to log registry changes in the event log, and to take it one step further, I'd like to set a group policy (or roll out snare) to grab those events. Do you know of any registry
Thanks in advance. You have a great blog.

Cheers,

Dimitri

Posted by: Dimitri at July 12, 2005 02:44 PM

This is a cool site.

richa

Posted by: richa at July 14, 2005 03:07 AM