Michael Howard, one of the creators of Microsoft's mandatory Security Development Lifecyle and author of 'Writing Secure Code', has a new book on sofware security.
"The 19 Deadly Sins of Software Security" is a collaboration between Howard, David LeBlanc and John Viega. The book, which will debut at Black Hat USA 2005 briefings later this month, is carved up into 19 chapters:
# Buffer Overflows
# Format String problems
# SQL injection
# Command injection
# Failure to handle errors
# Cross-site scripting
# Failing to protect network traffic
# Use of "magic" URLs and hidden forms
# Improper use of SSL
# Use of weak password-based systems
# Failing to store and protect data
# Information leakage
# Improper file access
# Integer range errors
# Trusting network address information
# Signal race conditions
# Unauthenticated key exchange
# Failing to use cryptographically strong random numbers
# Poor usability
Michael's blog has an announcement with more information. I'll look for a copy at Black Hat.
skip to main |
skip to sidebar
An (outside) look at security in Microsoft's dominant operating system.
About Me
- Ryan Naraine
- I write about IT security issues/trends for eWEEK Magazine; I'm West Indian and I obsess about West Indies cricket.
My blog is mine. The opinions represented in this blog are mine as well and may not represent my employer's opinions.
Digg Security
- Microsoft Watch
- eWEEK Security
- MSRC Blog
- Exploit Prevention Labs
- Metasploit
- Stephen Toulouse (MSRC)
- Michael Howard
- John Pescatore
- Ben Edelman
- Bruce Schneier
- Matasano
- Donna Buenaventura
- WaPo SecurityFix
- F-Secure Weblog
- Kaspersky Lab
- ISC Sans Diary
- Sunbeltblog
- Honeyblog
- Jesper Johansson
- Paper Ghost
- Worm Blog
Blog Archive
-
▼
2005
(82)
-
▼
July
(39)
- MS05-036 Exploit Published
- Kaminsky on Security at Redmond
- Win2K Update Rollup Hiccups
- US-CERT Weekly Windows Security Summary
- 80 Super Security Tips
- Acquisitive Microsoft
- What’s The Use of Security Advisories?
- AOL's IE Browser
- Windows Anti-Spy Refresh
- Spyware at Cingular Store
- Support for Industry Patch Day
- Advisory/Workarounds for RDP Flaw
- Explaining Premature Disclosure for IE Flaw
- XP SP2 Zero-Day?
- Dell, Spyware and My Way
- SWI Team May Start Blogging
- Pre-Patch Investigations Explained
- Schneier on Microsoft/Claria Hubbub
- Patch Deluge Redux
- Still no RSS Feed for Advisories
- Windows XP SP2 Remote Kernel DoS Flaw
- Cybercrime *Not* Terrorism
- A Message for Microsoft
- MS/Claria Deal Dead
- Why You Need Multiple AntiSpyware Apps
- It's Raining Patches
- Multiple Vendors Patching Today
- Low Hopes for Anti Spyware Coalition
- Hacker Manifesto
- 19 Deadly Sins of Software Security
- Momentum for MS AntiSpyware Rethink
- Lazy People and Default Settings
- London Bombing Trojan
- Talking a Lot, Saying Nothing
- Unimpressed with Spyware Downgrade Explanation
- Ed Bott on MSAS Claria Downgrades
- eEye Spies More Windows Flaws
- MS AntiSpyware Bordering on Irrelevance
- Some Fatherly Advice for Sasser Sven
-
▼
July
(39)