The 19 Deadly Sins of Software Security

re: The 19 Deadly Sins of Software Security

Sushant Bhatia — Tue, 12 Jul 2005 08:15:26 GMT

Can we see examples of the 19 sins in C# as an example?

re: The 19 Deadly Sins of Software Security

LarryOsterman — Tue, 12 Jul 2005 08:19:50 GMT

Ordered :)

The 19 Deadly Sins of Software Security

Dana Epp's ramblings at the Sanctuary — Tue, 12 Jul 2005 08:51:43 GMT

Ahhhhh... it was time for me to read a new software security book. I was just thinking about what was next to read. Tonight Michael Howard helped me out and told the world about a new book that he, David LeBlanc and John Viega have finished writing called "The 19 Deadly Sins of Software Security". The book is carved up into 19 chapters, or Sins, and each is only 10-15pp long. The Sins are: Buffer Overflows Format String problems SQL injection Command injection Failure to handle errors Cross-site scripting Failing to protect network traffic Use of "magic" URLs and hidden forms Improper use of SSL Use of weak password-based systems Failing to store and protect data Information leakage Improper file access Integer range errors Trusting network address information Signal race conditions Unauthenticated key exchange Failing to use cryptographically strong random numbers Poor usability These three guys have contributed to some of my favorite writings. I look forward to getting my hands on a copy....

re: The 19 Deadly Sins of Software Security

Ilya — Tue, 12 Jul 2005 09:50:19 GMT

Chapter 18 rather should be "Failing to use cryptography in a proper way" though :) Random numbers is a way too narrow spot at the whole subject's blunders.

The 19 Deadly Sins of Software Security

Uwe Hermann — Tue, 12 Jul 2005 11:52:00 GMT

Michael Howard, David LeBlanc and John Viega have written a book called The 19 Deadly Sins of Software Security, which is to be published soon.
It explains the most important security issues one encounters in the software industry in a Design Patterns-lik

re: The 19 Deadly Sins of Software Security

Brian Lounsberry — Wed, 13 Jul 2005 04:14:59 GMT

The work you did on WSC was eye opening and great stuff. However, I like the format you've chosen for this. You guys have this down to a science. I can't wait!

The 19 deadly sins of software security.

Productivity Hacks — Wed, 13 Jul 2005 04:25:29 GMT

Michael Howard, Microsoft's security expert, is working on a new book called The 19 deadly sins of software security. Get a copy for your IT guy. Here are Howard's deadly sins: 1. Buffer Overflows 2. Format String problems 3. SQL...

Channel 9: 19 deadly sins of software security

OpsanBlog — Wed, 13 Jul 2005 05:57:49 GMT

New security books from Microsoft security team

Sergey Simakov blog — Wed, 13 Jul 2005 17:50:17 GMT

New Team System Stuff - 2005-07-14

Rob Caron's Blog — Fri, 15 Jul 2005 04:35:47 GMT

Visual Studio Team System

There’s a new Team System community site – TeamSystemRocks.com! ⊕
Well,...

re: The 19 Deadly Sins of Software Security

michaelsilk — Thu, 21 Jul 2005 10:43:12 GMT

how can you say it's aimed a 'all languages' and then put the #1 'sin' as "buffer overflow" and #2 as format string!!

not really that language independant (so don't try to be ..?!).

jmo.

re: The 19 Deadly Sins of Software Security

SATISH BHARDWAJ — Tue, 26 Jul 2005 22:39:57 GMT

Congratulations to the writer of the book "19 deadly sins". I'm probably wasting my time making my comments which are not an attack on his book or on his idea. My comments are basically on the refusal of everypne to recognize that the hackers operate not because of the foolishness of anyone as the book implies. It is because the present system of browsing the net gives to much power who has money to buy any personal coputer that is powered by any browser. The web surfer can use any security system he can find on the net. If he is clever like the writer of the "19 deadly sins" he will device his own security software and market it through Amazon like our friend Michael does and become rich. May be not overnight but eventually.

Unless this power is taken away from the Hackers the security systems will do no good. The hackers job is relatively easy. It is to convince the servers that the request for any information is legitemate. There are no holds barred by the request for inormation. Perhaps Michael would agree with me that this is the job of the server. Send the files to the clients. But may be Michael would not agree with me. In that case I'd ask him to tell me and others what, in his view, is the job of the server?

Unless the job of the server is changed, basically by the rewriting of the code, there is no hope for the people who keep their files on the internet.

<a href="http://www.hackers10.blogspot.com/">STOP THE HACKER</a>

Perhaps I should have called my blog "ONLY ONE WAY TO STOP THE HACKERS.

re: The 19 Deadly Sins of Software Security

Sergey Kostrukov — Sun, 31 Jul 2005 14:18:12 GMT

Bla, Bla, Bla...

I has read "Writing Secure Code" book, and was interested. - thanks, Michael, for the good book.

I'll keep waiting, when this book will be published in Russian.

Drop My Rights

Stuart Celarier — Tue, 02 Aug 2005 20:09:31 GMT

Here's an invaluable resource...an article by Michael Howard titled Browsing the Web and Reading E-mail Safely as an Administrator. The article includes a great application called DropMyRights that lets a user who is running as administrator run applications in the much safer context of a non-administrator...

Michael Howard does it again: The 19 Deadly Sins of Software Security

Yves Hanoulle: Project Complete — Wed, 10 Aug 2005 00:05:19 GMT

Michael Howard does it again: The 19 Deadly Sins of Software Security

Yves Hanoulle: Project Complete — Wed, 10 Aug 2005 00:08:47 GMT

Michael Howard does it again: The 19 Deadly Sins of Software Security

Yves Hanoulle: Project Complete — Wed, 10 Aug 2005 00:14:33 GMT

Michael Howard does it again: The 19 Deadly Sins of Software Security

Yves Hanoulle: Project Complete — Wed, 10 Aug 2005 00:16:05 GMT

Michael Howard does it again: The 19 Deadly Sins of Software Security

Yves Hanoulle: Project Complete — Wed, 10 Aug 2005 00:17:06 GMT

Register Domain WebLog » Blog Archive » BNA's Web Watch -Data Security - April 2005

Wed, 18 Jul 2007 19:27:30 GMT

PingBack from http://blogsseek.com/register-domain/2007/07/17/bnas-web-watch-data-security-april-2005/

Os formatadores de strings da Granja do Solar « sec::h0p /* by Alberto Fabiano */

Thu, 08 Nov 2007 03:03:29 GMT

PingBack from http://sechop.wordpress.com/2007/11/05/os-formatadores-de-strings-da-granja-do-solar/

Os formatadores de strings da Granja do Solar « Inno::Blog /* by Alberto Fabiano */

Thu, 08 Nov 2007 03:15:47 GMT

PingBack from http://techberto.wordpress.com/2007/11/07/os-formatadores-de-strings-da-granja-do-solar/

Os formatadores de strings da Granja do Solar « sec::h0p /* by Alberto Fabiano */

Thu, 08 Nov 2007 03:31:08 GMT

PingBack from http://sechop.wordpress.com/2007/11/07/os-formatadores-de-strings-da-granja-do-solar/

Michael Howard’s Web Log : The 19 Deadly Sins of Software Security at Restaurants

Mon, 31 Dec 2007 09:35:03 GMT

PingBack from http://restaurants.247blogging.info/?p=468

A szoftver minőségbiztosítási eszközök valós lehetőségei és korlátai

Termékinformációk fejlesztőknek — Wed, 04 Feb 2009 08:04:20 GMT

[Nacsa Sándor, 2009. január 13. – február 3.]  A minőségbiztosítás kérdésköre szinte alig ismert

Michael Howard s Web Log The 19 Deadly Sins of Software Security | Paid Surveys

Michael Howard s Web Log The 19 Deadly Sins of Software Security | Paid Surveys — Fri, 29 May 2009 19:16:09 GMT

PingBack from http://paidsurveyshub.info/story.php?title=michael-howard-s-web-log-the-19-deadly-sins-of-software-security

Michael Howard s Web Log The 19 Deadly Sins of Software Security | pool toys

Michael Howard s Web Log The 19 Deadly Sins of Software Security | pool toys — Thu, 18 Jun 2009 11:37:13 GMT

PingBack from http://pooltoysite.info/story.php?id=8291