undrgrnd Cliquez ici Toys KDP nav-sa-clothing-shoes nav-sa-clothing-shoes Cloud Drive Photos Beauty nav_egg15 Cliquez ici Acheter Fire Acheter Kindle Paperwhite cliquez_ici Jeux Vidéo Gifts
Commencez à lire 24 Deadly Sins of Software Security sur votre Kindle dans moins d'une minute. Vous n'avez pas encore de Kindle ? Achetez-le ici Ou commencez à lire dès maintenant avec l'une de nos applications de lecture Kindle gratuites.

Envoyer sur votre Kindle ou un autre appareil


Essai gratuit

Découvrez gratuitement un extrait de ce titre

Envoyer sur votre Kindle ou un autre appareil

Désolé, cet article n'est pas disponible en
Image non disponible pour la
couleur :
Image non disponible

24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them [Format Kindle]

Michael Howard , David LeBlanc , John Viega

Prix éditeur - format imprimé : EUR 50,41
Prix Kindle : EUR 35,94 TTC & envoi gratuit via réseau sans fil par Amazon Whispernet
Économisez : EUR 14,47 (29%)

App de lecture Kindle gratuite Tout le monde peut lire les livres Kindle, même sans un appareil Kindle, grâce à l'appli Kindle GRATUITE pour les smartphones, les tablettes et les ordinateurs.

Pour obtenir l'appli gratuite, saisissez votre adresse e-mail ou numéro de téléphone mobile.


Prix Amazon Neuf à partir de Occasion à partir de
Format Kindle EUR 35,94  
Broché EUR 49,98  

Idée cadeau Noël : Retrouvez toutes les idées cadeaux Livres dans notre Boutique Livres de Noël .

Les clients ayant acheté cet article ont également acheté

Cette fonction d'achat continuera à charger les articles. Pour naviguer hors de ce carrousel, veuillez utiliser votre touche de raccourci d'en-tête pour naviguer vers l'en-tête précédente ou suivante.

Descriptions du produit

Présentation de l'éditeur

"What makes this book so important is that it reflects the experiences of two of the industry's most experienced hands at getting real-world engineers to understand just what they're being asked for when they're asked to write secure code. The book reflects Michael Howard's and David LeBlanc's experience in the trenches working with developers years after code was long since shipped, informing them of problems." --From the Foreword by Dan Kaminsky, Director of Penetration Testing, IOActive

Eradicate the Most Notorious Insecure Designs and Coding Vulnerabilities

Fully updated to cover the latest security issues, 24 Deadly Sins of Software Security reveals the most common design and coding errors and explains how to fix each one-or better yet, avoid them from the start. Michael Howard and David LeBlanc, who teach Microsoft employees and the world how to secure code, have partnered again with John Viega, who uncovered the original 19 deadly programming sins. They have completely revised the book to address the most recent vulnerabilities and have added five brand-new sins. This practical guide covers all platforms, languages, and types of applications. Eliminate these security flaws from your code:

  • SQL injection
  • Web server- and client-related vulnerabilities
  • Use of magic URLs, predictable cookies, and hidden form fields
  • Buffer overruns
  • Format string problems
  • Integer overflows
  • C++ catastrophes
  • Insecure exception handling
  • Command injection
  • Failure to handle errors
  • Information leakage
  • Race conditions
  • Poor usability
  • Not updating easily
  • Executing code with too much privilege
  • Failure to protect stored data
  • Insecure mobile code
  • Use of weak password-based systems
  • Weak random numbers
  • Using cryptography incorrectly
  • Failing to protect network traffic
  • Improper use of PKI
  • Trusting network name resolution

Biographie de l'auteur

Michael Howard is is a principal security program manager on the Trustworthy Computing Group’s Security Engineering team at Microsoft. He is the author or coauthor of many well-known software security books and is an editor of IEEE Security & Privacy.

David LeBlanc, Ph.D., is a principal software development engineer on the Microsoft Office security team. He is a coauthor, with Michael Howard, of Writing Secure Code (Microsoft Press).

John Viega is CTO of the SaaS Business Unit at McAfee and was previously their chief security architect. He is the author of five other security books. Mr. Viega first defined the 19 deadly sins of software security for the Department of Homeland Security.

Détails sur le produit

  • Format : Format Kindle
  • Taille du fichier : 1678 KB
  • Nombre de pages de l'édition imprimée : 432 pages
  • Utilisation simultanée de l'appareil : Jusqu'à 4 appareils simultanés, selon les limites de l'éditeur
  • Editeur : McGraw-Hill Education; Édition : 1 (22 septembre 2009)
  • Vendu par : Amazon Media EU S.à r.l.
  • Langue : Anglais
  • ASIN: B002R0JXEU
  • Synthèse vocale : Activée
  • X-Ray :
  • Word Wise: Non activé
  • Composition améliorée: Non activé
  • Classement des meilleures ventes d'Amazon: n°341.736 dans la Boutique Kindle (Voir le Top 100 dans la Boutique Kindle)

En savoir plus sur les auteurs

Découvrez des livres, informez-vous sur les écrivains, lisez des blogs d'auteurs et bien plus encore.

Commentaires en ligne

Il n'y a pas encore de commentaires clients sur Amazon.fr
5 étoiles
4 étoiles
3 étoiles
2 étoiles
1 étoiles
Commentaires client les plus utiles sur Amazon.com (beta)
Amazon.com: 4.5 étoiles sur 5  10 commentaires
11 internautes sur 12 ont trouvé ce commentaire utile 
4.0 étoiles sur 5 24 Deadly Sins of Software Security 9 août 2010
Par Mike - Publié sur Amazon.com
Format:Broché|Achat vérifié
24 Deadly Sins carries on in the great tradition of the original 19 Deadly Sins but has expanded to cover problems that have developed since then as well as added coverage for more programing languages. It serves as a great introduction to the most common problems in software development that lead to security issues without getting bogged down in the weeds on any of them. It does not go into a great deal of detail so if that is what you are looking for this isn't the book you want but it does do what it sets out to do.

The organization of the book lends itself to a straight read through and as a jump around reference to cover the problems you need to look at when you need to look at them. Most chapters stand alone quite well and most references to other chapters are about closely related sins. It describes the basics of the problem, goes into more detail and helps you try to spot the problem in various languages. It covers some of the ways you can avoid the problems and provides additional remediation if available.

The book lends itself to being a decent text book on software security problems and its basic structure is not a bad approach to an introduction to the topic. I've been teaching an introduction to secure development class for a couple of years that was mostly based on the original book and I'm finishing updating that to the new 24 Deadly Sins breakdown.
1 internautes sur 1 ont trouvé ce commentaire utile 
5.0 étoiles sur 5 Great overview of the topic 13 novembre 2013
Par Codemonkey - Publié sur Amazon.com
Format:Broché|Achat vérifié
Originally stumbled across a copy of 19 Deadly Sins in a half price bookstore and found myself thoroughly engrossed. When I discovered there was a second edition with even more information, I was all over it.

Software Security is a topic that all too often gets overlooked in the development process. That does a disservice to the client, the product, the developer and the company and not just for the obvious reasons. You see the same thought processes and practices which are required to build secure software also result in cleaner, less buggy, higher quality code. Wins all round.

This book covers multiple common types of security vulnerability, explaining what, why and how and giving examples of the problems and ways to mitigate / avoid them in multiple languages. More importantly, it gets you thinking about these important issues and about the quality of your code in general.

The book can be read cover to cover or you can cherry-pick the section(s) that are relevant (or which simply catch your interest) at any given time. Personally I prefer the latter as I absorb information better when I am particularly interested in the topic at hand.

This book has something for every software engineer, no matter what you work on. Highly recommended food for thought. :)
1 internautes sur 1 ont trouvé ce commentaire utile 
5.0 étoiles sur 5 Great Summarization 6 décembre 2011
Par W. Conklin - Publié sur Amazon.com
Format:Broché|Achat vérifié
This book is the update to the 19 Deadly Sins, and does a tremendous job summarizing the information needed to understand the types of errors prevalent in software today. This is not a book with all the details behind the causes, fixes, etc. For those details, I would refer my students (and do) to Michael's other great book "Writing Secure Code, Second Edition". And for process related material, "The Security Development Lifecycle".

Howard is the real deal, a straight shooter and known for telling it like it is. This book is no different - no fluff, no extraneous material, just the stuff every project manager of a software development effort should know, so they know what to ask of their team.
1 internautes sur 1 ont trouvé ce commentaire utile 
5.0 étoiles sur 5 Excellent book!!! 24 décembre 2012
Par Jose A. Villegas - Publié sur Amazon.com
Format:Broché|Achat vérifié
The authors definitely know about software vulnerabilities due mostly in part by mistakes made during software development and coding processes. Their recommendations are very effective and I am very satisfied with my purchase.
5.0 étoiles sur 5 Very useful for developers 24 juin 2014
Par Product Customer - Publié sur Amazon.com
Format:Broché|Achat vérifié
This book is an excellent resource for any software professional. As massive data breaches and security vulnerabilities continue to fill the news, I began to wonder what I should be looking for in my own code to make it more secure. This book meets that need by summarizing the major risks in software security in a readable, to-the-point manner. Each risk is described, and then followed with code samples (in a variety of languages relevant to the flaw, including C, C++, Java, Perl, Ruby, Python, C#, and others), testing techniques, remediation steps, and additional references. If you're looking for a great reference to quickly bring you up to speed on the major software security flaws and how to handle them, this is it.
Ces commentaires ont-ils été utiles ?   Dites-le-nous

Discussions entre clients

Le forum concernant ce produit
Discussion Réponses Message le plus récent
Pas de discussions pour l'instant

Posez des questions, partagez votre opinion, gagnez en compréhension
Démarrer une nouvelle discussion
Première publication:
Aller s'identifier

Rechercher parmi les discussions des clients
Rechercher dans toutes les discussions Amazon

Rechercher des articles similaires par rubrique