Secure Coding: Principles and Practices [ILLUSTRATED]
2008-12-11 19:16
344 查看
版权声明:原创作品,允许转载,转载时请务必以超链接形式标明文章原始出版、作者信息和本声明。否则将追究法律责任。http://blog.csdn.net/topmvp - topmvp
Practically every day, we read about a new type of attack on computer systems and networks. Viruses, worms, denials of service, and password sniffers are attacking all types of systems -- from banks to major e-commerce sites to seemingly impregnable government and military computers --at an alarming rate. Despite their myriad manifestations and different targets, nearly all attacks have one fundamental cause: the code used to run far too many systems today is not secure. Flaws in its design, implementation, testing, and operations allow attackers all-too-easy access. Secure Coding, by Mark G. Graff and Ken vanWyk, looks at the problem of bad code in a new way. Packed with advice based on the authors' decades of experience in the computer security field, this concise and highly readable book explains why so much code today is filled with vulnerabilities, and tells readers what they must do to avoid writing code that can be exploited by attackers. Writing secure code isn't easy, and there are no quick fixes to bad code. To build code that repels attack, readers need to be vigilant through each stage of the entire code lifecycle:
*Architecture: during this stage, applying security principles such as "least privilege" will help limit even the impact of successful attempts to subvert software.
*Design: during this stage, designers must determine how programs will behave when confronted with fatally flawed input data. The book also offers advice about performing security retrofitting when you don't have the source code -- ways of protecting software from being exploited even if bugs can't be fixed.
*Implementation: during this stage, programmers must sanitize all program input (the character streams representing a programs' entire interface with its environment -- not just the command lines and environment variables that are the focus of most security analysis).
*Testing: during this stage, programs must be checked using both static code checkers and runtime testing methods -- for example, the fault injection systems now available to check for the presence of such flaws as buffer overflow.
*Operations: during this stage, patch updates must be installed in a timely fashion. In early 2003, sites that had diligently applied Microsoft SQL Server updates were spared the impact of the Slammer worm that did serious damage to thousands of systems.
http://rapidshare.com/files/55148434/0596002424.rar http://depositfiles.com/files/1760207
Practically every day, we read about a new type of attack on computer systems and networks. Viruses, worms, denials of service, and password sniffers are attacking all types of systems -- from banks to major e-commerce sites to seemingly impregnable government and military computers --at an alarming rate. Despite their myriad manifestations and different targets, nearly all attacks have one fundamental cause: the code used to run far too many systems today is not secure. Flaws in its design, implementation, testing, and operations allow attackers all-too-easy access. Secure Coding, by Mark G. Graff and Ken vanWyk, looks at the problem of bad code in a new way. Packed with advice based on the authors' decades of experience in the computer security field, this concise and highly readable book explains why so much code today is filled with vulnerabilities, and tells readers what they must do to avoid writing code that can be exploited by attackers. Writing secure code isn't easy, and there are no quick fixes to bad code. To build code that repels attack, readers need to be vigilant through each stage of the entire code lifecycle:
*Architecture: during this stage, applying security principles such as "least privilege" will help limit even the impact of successful attempts to subvert software.
*Design: during this stage, designers must determine how programs will behave when confronted with fatally flawed input data. The book also offers advice about performing security retrofitting when you don't have the source code -- ways of protecting software from being exploited even if bugs can't be fixed.
*Implementation: during this stage, programmers must sanitize all program input (the character streams representing a programs' entire interface with its environment -- not just the command lines and environment variables that are the focus of most security analysis).
*Testing: during this stage, programs must be checked using both static code checkers and runtime testing methods -- for example, the fault injection systems now available to check for the presence of such flaws as buffer overflow.
*Operations: during this stage, patch updates must be installed in a timely fashion. In early 2003, sites that had diligently applied Microsoft SQL Server updates were spared the impact of the Slammer worm that did serious damage to thousands of systems.
http://rapidshare.com/files/55148434/0596002424.rar http://depositfiles.com/files/1760207
相关文章推荐
- <<Big Data: Principles and Best Practices of Scalable Realtime Data Systems>>读书笔记
- 关注的storm作者一本书---Big Data Principles and best practices of scalable realtime data systems
- Mobile Internetworking with IPv6: Concepts, Principles and Practices
- Object-Oriented Design Knowledge: Principles, Heuristics And Best Practices
- 《Web 2.0 Principles and Best Practices》
- ZLAN-212 Low Jitter Synchronizer Power Supply Decoupling and Layout Practices
- 《Concurrent Programming in Java: Design Principles and Patterns》Second Edition
- The Agile Manifesto and Principles
- 5 Best Practices to Secure and Protect SSH Server
- XBM Ball mill grinding principles and effects of evaluation
- Optimizing Data Access and Messaging - Best Practices for Maximizing Scalability and Cost Effectiven
- The Principles of Acceleration, Shock, and Vibration Sensors
- Multi-Core and Parallel Programming Practices笔记1
- Best Practices and Recommendations for RAC databases with SGA size over 100GB (文档 ID 1619155.1)
- Hack the Stack: Using Snort and Ethereal to Master the 8 Layers of an Insecure Network [ILLUSTRATED]
- Passive Optical Networks: Principles and Practice
- Adobe Photoshop CS3 A-Z: Tools and features illustrated ready reference
- Satellite Networking: Principles and Protocols
- 第二讲 Best Practices For Running IIS 6.0 And ASP.NET