10 December 2007
Author: iNDEx
Software security is the practice of building software to be secure and function properly under malicious attack. This book is about one of software security’s most important practices: code review with a static analysis tool.
In my book Software Security, I introduce a set of seven best practices called touchpoints. Putting software security into practice requires making some changes to the way most organizations build software. The good news is that these changes don't need to be fundamental, earth-shattering, or cost-prohibitive. In fact, adopting a straightforward set of engineering best practices, designed in such a way that security can be interleaved into existing development processes, is often all it takes.
The book is not a guide to using security features, frameworks, or APIs. We do not discuss the Java Security Manager, advanced cryptographic techniques, or the right approach to identity management. Clearly, these are important topics. They are so important, in fact, that they warrant books of their own. Our goal is to focus on things unrelated to security features that put security at risk when they go wrong.
This book is written for people who have decided to make software security a priority. We hope that programmers, managers, and software architects will all benefit from reading it. Although we do not assume any detailed knowledge about software security or static analysis, we cover the subject matter in enough depth that we hope professional code reviewers and penetration testers will benefit, too. We do assume that you are comfortable programming in either C or Java, and that you won’t be too uncomfortable reading short examples in either language. Some chapters are slanted more toward one language than another. For instance, the examples in the chapters on buffer overflow are written in C.
TABLE OF CONTENTS:
Chapter 01 - The Software Security Problem
Chapter 02 - Introduction to Static Analysis
Chapter 03 - Static Analysis as Part of the Code Review Process
Chapter 04 - Static Analysis Internals
Chapter 05 - Handling Input
Chapter 06 - Buffer Overflow
Chapter 07 - Bride of Buffer Overflow
Chapter 08 - Errors and Exceptions
Chapter 09 - Web Applications
Chapter 10 - XML and Web Services
Chapter 11 - Privacy and Secrets
Chapter 12 - Privileged Programs
Chapter 13 - Source Code Analysis Exercises for Java
Chapter 14 - Source Code Analysis Exercises for C