

The 19 Deadly Sins of Software Security: Chapter 1, "Buffer Overruns"



Date Published: 31 JUL 2005
About the White Paper:

"Ninety-five percent of software bugs are caused by the same 19 programming flaws."
      —Amit Yoran, Former Director of The Department of Homeland Security's National Cyber Security Division

The 19 Deadly Sins of Software Security

Secure your software by eliminating code vulnerabilities from the start. The 19 Deadly Sins of Software Security, aimed at software developers regardless of platform, language and type of application, outlines the 19 sins of software security and shows how to fix each one. Authors Michael Howard and David LeBlanc, who teach Microsoft employees how to write secure code, have partnered with John Viega, who uncovered the 19 deadly programming sins, to write this hands-on guide. Detailed code examples throughout show the code defects as well as the fixes and defenses.

This book can help you eliminate these security flaws from your code: buffer overruns; format string problems; integer overflows; SQL injection; command injection; failure to handle errors; cross-site scripting; failure to protect network traffic; use of magic URLs and hidden forms; improper use of SSL; use of weak password-based systems; failure to store and protect data securely; information leakage; trusting network address resolution; improper file access; race conditions; unauthenticated key exchange; failure to use cryptographically strong random numbers; and poor usability.

Learn about buffer overruns, their effect on your system and how to write more secure code in Chapter 1, "Buffer Overruns," from The 19 Deadly Sins of Software Security with this series of book excerpts, courtesy of McGraw-Hill. (Published July 31, 2005. Copyright 2005.)

Chapter 1 excerpts:

  1. Buffer Overruns: Overview of the sin
  2. Affected languages
  3. The sin explained
  4. Spotting the sin
  5. Example sins
  6. Redemption steps
  7. Extra defensive measures
  8. Other resources

Download:
To obtain The 19 Deadly Sins of Software Security: Chapter 1, "Buffer Overruns" go to: http://books.mcgraw-hill.com/g...
