A book by Michael Howard, David LeBlanc, and John Viega (authors)
“Those who cannot remember the past are condemned to repeat it.” For far too long, software developers have been making the same mistakes in programming as if they were incapable of remembering their past errors.
Poorly written software lies behind nearly every computer security vulnerability.
The 19 programming flaws covered here include the most devastating types of coding and architectural errors, such as buffer overflows, format string problems, cross-site scripting, and insufficient encryption.
Eliminate these security flaws from your code:
- Buffer overruns
- Format string problems
- Integer overflows
- SQL injection
- Command injection
- Failure to handle errors
- Cross-site scripting
- Failure to protect network traffic
- Use of magic URLs and hidden forms
- Improper use of SSL
- Use of weak password-based systems
- Failure to store and protect data securely
- Information leakage
- Trusting network address resolution
- Improper file access
- Race conditions
- Unauthenticated key exchange
- Failure to use cryptographically strong random numbers
- Poor usability