Programmer's Ultimate Security DeskRef: Your Programming Security Encyclopedia
The Programmer's Ultimate Security DeskRef is the only complete desk reference covering multiple languages and their inherent security issues. It will serve as the programming encyclopedia for almost every major language in use.
While many books are starting to address the broad subject of security best practices within the software development lifecycle, none has yet addressed the overarching technical problem of incorrect function usage. Most books fail to draw the line from security best-practice principles to actual code implementation. This book bridges that gap and covers the most popular programming languages, such as Java, Perl, C++, C#, and Visual Basic.
* Defines the programming flaws within the top 15 programming languages.
* Comprehensive approach means you only need this book to ensure an application's overall security.
* One book geared toward many languages.
Page vii - With his core competencies residing in high-tech remote management, international expansion, application security, protocol analysis, and search algorithm technology, Foster has conducted numerous code reviews for commercial OS components, Win32 application assessments, and reviews on commercial-grade cryptography implementations. Foster is a seasoned speaker and has presented throughout North America at conferences, technology forums, security summits, and research symposiums with highlights at the...
Page vii - CSC, Foster was the Director of Research and Development for Foundstone Inc. (acquired by McAfee) and was responsible for all aspects of product, consulting, and corporate R&D initiatives. Prior to joining Foundstone, Foster was an Executive Advisor and Research Scientist with Guardent Inc. (acquired by Verisign) and an adjunct author at Information Security Magazine (acquired by TechTarget), subsequent to working as Security Research Specialist for the Department of Defense.
Page vii - Foster holds degrees and certifications in Business, Software Engineering, Management of Information Systems, and numerous computer-related or programming-related concentrations and has attended or conducted research at the Yale School of Business, Harvard University, Capitol College, and the University of Maryland.
Page vii - InfoSec World 2001, and the Thomson Security Conference. He also is commonly asked to comment on pertinent security issues and has been cited in USAToday, Information Security Magazine, Baseline, Computer World, Secure Computing, and the MIT Technologist. Foster holds an AS, BS, MBA and numerous technology and management certifications and has attended or conducted research at the Yale School of Business, Harvard University, the University of Maryland, and is currently a Fellow at University of Pennsylvania's...