Book of the Month : 19 Deadly Sins of Software Security

This book is essential for anyone who is into software development to understand the basic security flaws as well as detect & eliminate them during the early development phase of the product itself.  It offers detailed coverage on 19 crucial security flaws each explained in separate chapters.

The book covers following 19 security flaws in each chapter.

  • Buffer overruns.
  • Format string problems.
  • Integer overflows.
  • SQL injection.
  • Command injection.
  • Failure to handle errors.
  • Cross-site scripting.
  • Failure to protect network traffic.
  • Use of magic URLs and hidden forms.
  • Improper use of SSL.
  • Use of weak password-based systems.
  • Failure to store and protect data securely.
  • Information leakage.
  • Trusting network address resolution.
  • Improper file access.
  • Race conditions.
  • Unauthenticated key exchange.
  • Failure to use cryptographically strong random numbers.
  • Poor usability.

In each of the chapter authors explain the nature of the sin, sample defect example, techniques for catching it during code review, unit test cases and additional defenses to make the exploitation harder. Code examples are written in most commonly used languages such as C, C++, C#, Java, PHP, Perl, VB etc and on all popular platforms including Windows, Linux, Unix and Mac OS X. This makes it, one of those rare books covering such crucial topic spreading to wide range of audiences.

Written by prominent authors, entire book is filled with rich technical code samples which make it more insightful and valuable resource for all coders out there.

[Ebook Download Link –]


Similar posts
  • Computer Security Tips: Stay Safe Onl... In recent times cyber security has raised the level of awareness and public consciousness as never before. Both large corporations and big organizations try to take care of online security as much as they can. That’s why cyber criminals and hackers have focused more on smaller companies and single entrepreneurs. This awful tendency leads to [...]
  • SecurityXploded Mentorship Programme ... I am writing this blog to share my SecurityXploded Student Mentorship Programme experience with the future students of this programme. My mentorship programme started last year in August when I was in 2nd year of MS at IIIT-Allahabad. I knew about SecurityXploded community since I used to follow their blogs, training programmes and security tools [...]
  • Code Injection and API Hooking Techni... Hooking covers a range of techniques used for many purposes like debugging, monitoring, intercepting messages, extending functionality etc. Hooking is also used by a lot of rootkits to camouflage themselves on the system. Rootkits use various hooking techniques when they have to hide a process, hide a network port, redirect file writes to some different [...]
  • Announcement – SecurityXploded ... From the past two years we are working actively on couple of projects to support the security community. As you all may already know that we have successfully completed our reversing and malware analysis training programme and we are very glad that it was very helpful for everyone. In my opinion the success of any [...]
  • Advanced Malware Analysis Training Se... Here is the quick update on this month’s Local Security meet (SX/Null/G4H/owasp) and our advanced malware training session on (Part 2) Dissecting the HeartBeat  RAT Functionalities   This is part of our FREE ‘Advanced Malware Analysis Training’ series started from Dec 2012.       In this extended session, I explained “Decrypting various Communications Of HeartBeat [...]

Leave a Reply