Writing secure code
Table of contents:
Part I: Contemporary Security
Chapter 1: The Need for Secure Systems
Chapter 2: The Proactive Security Development Process
Chapter 3: Security Principles to Live By
Chapter 4: Threat Modeling
Part II: Secure Coding Techniques
Chapter 5: Public Enemy #1: The Buffer Overrun
Chapter 6: Determining Appropriate Access Control
Chapter 7: Running with Least Privilege
Chapter 8: Cryptographic Foibles
Chapter 9: Protecting Secret Data
Chapter 10: All Input Is Evil!
Chapter 11: Canonical Representation Issues
Chapter 12: Database Input Issues
Chapter 13: Web-Specific Input Issues
Chapter 14: Internationalization Issues
Part III: Even More Secure Coding Techniques
Chapter 15: Socket Security
Chapter 16: Securing RPC, ActiveX Controls, and DCOM
Chapter 17: Protecting Against Denial of Service Attacks
Chapter 18: Writing Secure .NET Code
Part IV: Special Topics
Chapter 19: Security Testing
Chapter 20: Performing a Security Code Review
Chapter 21: Secure Software Installation
Chapter 22: Building Privacy into Your Application
Chapter 23: General Good Practices
Chapter 24: Writing Security Documentation and Error Messages
Part V: Appendixes
Appendix A: Dangerous APIs
Appendix B: Ridiculous Excuses We’ve Heard
Appendix C: A Designer’s Security Checklist
Appendix D: A Developer’s Security Checklist
Appendix E: A Tester’s Security Checklist
Appendix F: Annotated Bibliography