Sinossi
Practically every day, we read about a new type of attack on computer systems and networks. Viruses, worms, denials of service, and password sniffers are attacking all types of systems -- from banks to major e-commerce sites to seemingly impregnable government and military computers --at an alarming rate.Despite their myriad manifestations and different targets, nearly all attacks have one fundamental cause: the code used to run far too many systems today is not secure. Flaws in its design, implementation, testing, and operations allow attackers all-too-easy access.Secure Coding, by Mark G. Graff and Ken vanWyk, looks at the problem of bad code in a new way. Packed with advice based on the authors' decades of experience in the computer security field, this concise and highly readable book explains why so much code today is filled with vulnerabilities, and tells readers what they must do to avoid writing code that can be exploited by attackers. Writing secure code isn't easy, and there are no quick fixes to bad code. To build code that repels attack, readers need to be vigilant through each stage of the entire code lifecycle:
- Architecture: during this stage, applying security principles such as "least privilege" will help limit even the impact of successful attempts to subvert software.
- Design: during this stage, designers must determine how programs will behave when confronted with fatally flawed input data. The book also offers advice about performing security retrofitting when you don't have the source code -- ways of protecting software from being exploited even if bugs can't be fixed.
- Implementation: during this stage, programmers must sanitize all program input (the character streams representing a programs' entire interface with its environment -- not just the command lines and environment variables that are the focus of most securityanalysis).
- Testing: during this stage, programs must be checked using both static code checkers and runtime testing methods -- for example, the fault injection systems now available to check for the presence of such flaws as buffer overflow.
- Operations: during this stage, patch updates must be installed in a timely fashion. In early 2003, sites that had diligently applied Microsoft SQL Server updates were spared the impact of the Slammer worm that did serious damage to thousands of systems.
Le informazioni nella sezione "Riassunto" possono far riferimento a edizioni diverse di questo titolo.
Contenuti
Dedication; Preface; Objectives of This Book; Structure of This Book; What This Book Does Not Cover; Conventions Used in This Book; About the Examples; Comments and Questions; Acknowledgments; Chapter 1: No Straight Thing; 1.1 The Vulnerability Cycle; 1.2 What Is an Attack?; 1.3 Why Good People Write Bad Code; 1.4 A Call to Arms; 1.5 Summary; Chapter 2: Architecture; 2.1 What Is Security Architecture?; 2.2 Principles of Security Architecture; 2.3 Case Study: The Java Sandbox; 2.4 Summary; Chapter 3: Design; 3.1 Why Does Good Design Matter?; 3.2 Secure Design Steps; 3.3 Special Design Issues; 3.4 Bad Practices; 3.5 Case Studies; 3.6 Summary; Chapter 4: Implementation; 4.1 Good Practices; 4.2 Bad Practices; 4.3 Case Studies; 4.4 Summary; Chapter 5: Operations; 5.1 Security Is Everybody's Problem; 5.2 Good Practices; 5.3 Bad Practices; 5.4 Case Studies; 5.5 Summary; Chapter 6: Automation and Testing; 6.1 Why Test?; 6.2 Good General Practices; 6.3 Good Practices Through the Lifecycle; 6.4 Risk Assessment Methodologies; 6.5 Case Studies; 6.6 Summary; Appendix A: Resources; A.1 Books; A.2 Papers and Articles; A.3 Web Sites and Online Resources; A.4 A Final Note on Resources; Colophon;
Product Description
Book by Mark G Graff Kenneth R van Wyk
Le informazioni nella sezione "Su questo libro" possono far riferimento a edizioni diverse di questo titolo.
Altre edizioni note dello stesso titolo
Risultati della ricerca per Secure Coding: Principles and Practices
Foto dell'editore
Secure Coding: Principles and Practices
Editore:
O'Reilly Media, Inc., 2003
ISBN 10: 0596002424
ISBN 13: 9780596002428
Antico o usato
Brossura
Da: World of Books (was SecondSale), Montgomery, IL, U.S.A.
Valutazione del venditore 5 su 5 stelle
Condizione: Good. Item in good condition. Textbooks may not include supplemental items i.e. CDs, access codes etc. Codice articolo 00095760158
Compra usato
EUR 3,81
Spedizione gratuita
Spedito in U.S.A.
Spedito in U.S.A.
Quantità: 2 disponibili
Immagini fornite dal venditore
Secure Coding: Principles and Practices
Editore:
O'Reilly Media, Inc., 2003
ISBN 10: 0596002424
ISBN 13: 9780596002428
Antico o usato
Brossura
Da: Zoom Books East, Glendale Heights, IL, U.S.A.
Valutazione del venditore 5 su 5 stelle
Condizione: very_good. Book is in very good condition and may include minimal underlining highlighting. The book can also include "From the library of" labels. May not contain miscellaneous items toys, dvds, etc. . We offer 100% money back guarantee and 24 7 customer service. Codice articolo ZEV.0596002424.VG
Compra usato
EUR 3,83
Spedizione gratuita
Spedito in U.S.A.
Spedito in U.S.A.
Quantità: 1 disponibili
Immagini fornite dal venditore
Secure Coding: Principles and Practices
Editore:
O'Reilly Media, Inc., 2003
ISBN 10: 0596002424
ISBN 13: 9780596002428
Antico o usato
Brossura
Da: Greenworld Books, Arlington, TX, U.S.A.
Valutazione del venditore 5 su 5 stelle
Condizione: good. Fast Free Shipping â" Good condition book with a firm cover and clean, readable pages. Shows normal use, including some light wear or limited notes highlighting, yet remains a dependable copy overall. Supplemental items like CDs or access codes may not be included. Codice articolo GWV.0596002424.G
Compra usato
EUR 4,19
Spedizione gratuita
Spedito in U.S.A.
Spedito in U.S.A.
Quantità: 2 disponibili
Foto dell'editore
Secure Coding: Principles and Practices
Da: HPB-Red, Dallas, TX, U.S.A.
Valutazione del venditore 5 su 5 stelle
paperback. Condizione: Good. Connecting readers with great books since 1972! Used textbooks may not include companion materials such as access codes, etc. May have some wear or writing/highlighting. We ship orders daily and Customer Service is our top priority! Codice articolo S_434892329
Compra usato
EUR 4,34
Spedizione EUR 3,16
Spedito in U.S.A.
Spedito in U.S.A.
Quantità: 1 disponibili
Foto dell'editore
Secure Coding : Principles and Practices
Editore:
O'Reilly Media, Incorporated, 2003
ISBN 10: 0596002424
ISBN 13: 9780596002428
Antico o usato
Brossura
Prima edizione
Da: Better World Books, Mishawaka, IN, U.S.A.
Valutazione del venditore 5 su 5 stelle
Condizione: Good. 1st Edition. Former library copy. Pages intact with minimal writing/highlighting. The binding may be loose and creased. Dust jackets/supplements are not included. Includes library markings. Stock photo provided. Product includes identifying sticker. Better World Books: Buy Books. Do Good. Codice articolo GRP56620135
Compra usato
EUR 8,67
Spedizione gratuita
Spedito in U.S.A.
Spedito in U.S.A.
Quantità: 1 disponibili
Foto dell'editore
Secure Coding: Principles and Practices
Editore:
O'Reilly Media, Inc., 2003
ISBN 10: 0596002424
ISBN 13: 9780596002428
Antico o usato
paperback
Da: HPB-Emerald, Dallas, TX, U.S.A.
Valutazione del venditore 5 su 5 stelle
paperback. Condizione: Very Good. Connecting readers with great books since 1972! Used books may not include companion materials, and may have some shelf wear or limited writing. We ship orders daily and Customer Service is our top priority! Codice articolo S_451944564
Compra usato
EUR 8,45
Spedizione EUR 3,16
Spedito in U.S.A.
Spedito in U.S.A.
Quantità: 1 disponibili
Foto dell'editore
Secure Coding: Principles and Practices
Da: HPB-Diamond, Dallas, TX, U.S.A.
Valutazione del venditore 5 su 5 stelle
paperback. Condizione: Very Good. Connecting readers with great books since 1972! Used books may not include companion materials, and may have some shelf wear or limited writing. We ship orders daily and Customer Service is our top priority! Codice articolo S_450341533
Compra usato
EUR 10,40
Spedizione EUR 3,16
Spedito in U.S.A.
Spedito in U.S.A.
Quantità: 1 disponibili
Foto dell'editore
Secure Coding : Principles and Practices
Editore:
O'Reilly Media, Incorporated, 2003
ISBN 10: 0596002424
ISBN 13: 9780596002428
Antico o usato
Brossura
Prima edizione
Da: Better World Books Ltd, Dunfermline, Regno Unito
Valutazione del venditore 5 su 5 stelle
Condizione: Very Good. 1st Edition. Pages intact with possible writing/highlighting. Binding strong with minor wear. Dust jackets/supplements may not be included. Stock photo provided. Product includes identifying sticker. Better World Books: Buy Books. Do Good. Codice articolo GRP105078590
Compra usato
EUR 5,38
Spedizione EUR 9,21
Spedito da Regno Unito a U.S.A.
Spedito da Regno Unito a U.S.A.
Quantità: 1 disponibili
Foto dell'editore
Secure Coding: Principles and Practices
Editore:
O'Reilly Media, Inc., 2003
ISBN 10: 0596002424
ISBN 13: 9780596002428
Antico o usato
Brossura
Da: medimops, Berlin, Germania
Valutazione del venditore 5 su 5 stelle
Condizione: very good. Gut/Very good: Buch bzw. Schutzumschlag mit wenigen Gebrauchsspuren an Einband, Schutzumschlag oder Seiten. / Describes a book or dust jacket that does show some signs of wear on either the binding, dust jacket or pages. Codice articolo M00596002424-V
Compra usato
EUR 9,92
Spedizione EUR 15,00
Spedito da Germania a U.S.A.
Spedito da Germania a U.S.A.
Quantità: 1 disponibili
Foto dell'editore
Secure Coding: Principles and Practices
Da: Toscana Books, AUSTIN, TX, U.S.A.
Valutazione del venditore 5 su 5 stelle
Paperback. Condizione: new. Excellent Condition.Excels in customer satisfaction, prompt replies, and quality checks. Codice articolo Scanned0596002424
Compra nuovo
EUR 27,10
Spedizione EUR 3,62
Spedito in U.S.A.
Spedito in U.S.A.
Quantità: 1 disponibili