24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them
Michael Howard, David LeBlanc, John Viega
5.0 out of 5 stars (1 customer review)
RRP: £37.99
Price: £32.29 (delivered free in the UK with Super Saver Delivery)
You Save: £5.70 (15%)

Formats

Kindle Edition: £24.22
Paperback: £32.29

Product details

  • Paperback: 432 pages
  • Publisher: McGraw-Hill Osborne; 1 edition (1 Oct 2009)
  • Language: English
  • ISBN-10: 0071626751
  • ISBN-13: 978-0071626750
  • Product Dimensions: 23.4 x 18.6 x 2.2 cm
  • Average Customer Review: 5.0 out of 5 stars (1 customer review)
  • Amazon Bestsellers Rank: 353,286 in Books

Product Description

"What makes this book so important is that it reflects the experiences of two of the industry's most experienced hands at getting real-world engineers to understand just what they're being asked for when they're asked to write secure code. The book reflects Michael Howard's and David LeBlanc's experience in the trenches working with developers years after code was long since shipped, informing them of problems." --From the Foreword by Dan Kaminsky, Director of Penetration Testing, IOActive

Eradicate the Most Notorious Insecure Designs and Coding Vulnerabilities

Fully updated to cover the latest security issues, 24 Deadly Sins of Software Security reveals the most common design and coding errors and explains how to fix each one, or better yet, avoid them from the start. Michael Howard and David LeBlanc, who teach Microsoft employees and the world how to secure code, have partnered again with John Viega, who uncovered the original 19 deadly programming sins. They have completely revised the book to address the most recent vulnerabilities and have added five brand-new sins. This practical guide covers all platforms, languages, and types of applications. Eliminate these security flaws from your code:

  • SQL injection
  • Web server- and client-related vulnerabilities
  • Use of magic URLs, predictable cookies, and hidden form fields
  • Buffer overruns
  • Format string problems
  • Integer overflows
  • C++ catastrophes
  • Insecure exception handling
  • Command injection
  • Failure to handle errors
  • Information leakage
  • Race conditions
  • Poor usability
  • Not updating easily
  • Executing code with too much privilege
  • Failure to protect stored data
  • Insecure mobile code
  • Use of weak password-based systems
  • Weak random numbers
  • Using cryptography incorrectly
  • Failing to protect network traffic
  • Improper use of PKI
  • Trusting network name resolution

About the Author

Michael Howard is a principal security program manager on the Trustworthy Computing Group's Security Engineering team at Microsoft. He is the author or coauthor of many well-known software security books and is an editor of IEEE Security & Privacy.

David LeBlanc, Ph.D., is a principal software development engineer on the Microsoft Office security team. He is a coauthor, with Michael Howard, of Writing Secure Code (Microsoft Press).

John Viega is CTO of the SaaS Business Unit at McAfee and was previously their chief security architect. He is the author of five other security books. Mr. Viega first defined the 19 deadly sins of software security for the Department of Homeland Security.

Customer Reviews

Most Helpful Customer Reviews
1 of 1 people found the following review helpful
Format: Paperback
Noticed there were no reviews on this on amazon.co.uk, been some time since I bought it.

Having owned the previous "edition" for years I did NOT think twice before ordering this one when it was published.

The 24 deadly sins cover the things you MUST consider, the ESSENTIAL security stuff you CANNOT miss. Got it? This is probably one of the most important books about security, which you will return to again and again to remind yourself of the importance, and to make sure you can persuade others of the risks associated with these security issues.

This said, let's look into some details: the parts included are very vendor neutral (good thing), it covers multiple languages (some bias perhaps, but pretty neutral), and the book includes lots of code examples to show the problems and lots of references to papers, tools, methods - enough to keep anyone busy doing better at software security.

The product description already lists the specific sins, so there you have it - buy the book, hit your developers or yourself repeatedly if you forget some of these when doing development, system work, implementation projects etc.

Highly recommended - and do NOT consider it "old" just because it is published in 2009, the stuff is still too important.
Most Helpful Customer Reviews on Amazon.com
Amazon.com: 3 reviews
4 of 5 people found the following review helpful
24 Deadly Sins of Software Security (9 Aug 2010)
By Mike Lyman - Published on Amazon.com
Format: Paperback | Amazon Verified Purchase
24 Deadly Sins carries on in the great tradition of the original 19 Deadly Sins but has expanded to cover problems that have developed since then as well as added coverage for more programming languages. It serves as a great introduction to the most common problems in software development that lead to security issues without getting bogged down in the weeds on any of them. It does not go into a great deal of detail, so if that is what you are looking for this isn't the book you want, but it does do what it sets out to do.

The organization of the book lends itself to a straight read through and as a jump around reference to cover the problems you need to look at when you need to look at them. Most chapters stand alone quite well and most references to other chapters are about closely related sins. It describes the basics of the problem, goes into more detail and helps you try to spot the problem in various languages. It covers some of the ways you can avoid the problems and provides additional remediation if available.

The book lends itself to being a decent textbook on software security problems and its basic structure is not a bad approach to an introduction to the topic. I've been teaching an introduction to secure development class for a couple of years that was mostly based on the original book and I'm finishing updating that to the new 24 Deadly Sins breakdown.
1 of 1 people found the following review helpful
Great Summarization (6 Dec 2011)
By W. Conklin - Published on Amazon.com
Format: Paperback | Amazon Verified Purchase
This book is the update to the 19 Deadly Sins, and does a tremendous job summarizing the information needed to understand the types of errors prevalent in software today. This is not a book with all the details behind the causes, fixes, etc. For those details, I would refer my students (and do) to Michael's other great book "Writing Secure Code, Second Edition". And for process related material, "The Security Development Lifecycle".

Howard is the real deal, a straight shooter and known for telling it like it is. This book is no different - no fluff, no extraneous material, just the stuff every project manager of a software development effort should know, so they know what to ask of their team.
1 of 3 people found the following review helpful
Disappointing In Lack of Detail (21 Oct 2011)
By Jamison D. Dance - Published on Amazon.com
Format: Paperback | Amazon Verified Purchase
If you just look at the table of contents, you might believe this book covers basic application security very thoroughly. However, reading the actual treatment of each topic is very disappointing. The actual explanations of the attacks and how to defend against them are difficult to follow and vague. If you didn't know what XSS was before reading this book, you probably still don't know after. Maybe the authors didn't want to encourage attackers by demonstrating actual attacks, but the book suffers greatly from not illustrating the "sins" with example attacks. Not a good introduction to application security.

The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws is a much better treatment of security in web applications if that is what you are looking for.