Link To Full Story: books.dzone.com
One Minute Bottom Line
If you write code, this book deserves a place on your bookshelf. It clearly demonstrates each sin, then shows how to find it and fix it (in several different languages: C, C++, Perl, PHP, etc.). It may not cover every possible sin, but as the authors say, if you do everything in this book you are doing pretty well.
Review
I was thrilled to be able to read and review this book, since I had read most of the previous version “19 Deadly Sins of Software Security: Programming Flaws and How to Fix Them” while sitting in bookstores.
Each chapter covers a single code sin and follows a standard pattern:
- Overview of the sin – A general description of the design/programming error,
- Common Weakness Enumeration Project (CWE) references – related CWE entries,
- Affected languages – Which languages are vulnerable to this type of defect,
- The sin explained – code examples demonstrating the sin,
- Spotting the sin pattern – How to identify code that may be guilty of this sin,
- Spotting the sin during code review – suspect keywords, functions and procedures,
- Testing techniques to find the sin – how to locate the sin as part of your testing regime,
- Example sins – real-world exploit code,
- Redemption steps – how to rewrite your code to remove the sin,
- Extra defensive measures – defense in depth protections,
- Other Resources – a list of related books and articles,
- Summary – a checklist of do's and don'ts.