19 Deadly Sins Of Software Security

A book by : Michael Howard, David LeBlanc, John Viega (Authors)

Those who cannot remember the past are condemned to repeat it.” For far too long, software developers have been making the same mistakes in programming as if they were incapable of remembering their past errors.

Poorly written software lies behind nearly every computer security vulnerability.

The 19 programming flaws include the most devastating types of coding and architectural errors, such as buffer overflows, format string problems, cross-site scripting, and insufficient encryption.

Eliminate these security flaws from your code:

  • Buffer overruns
  • Format string problems
  • Integer overflows
  • SQL injection
  • Command injection
  • Failure to handle errors
  • Cross-site scripting
  • Failure to protect network traffic
  • Use of magic URLs and hidden forms
  • Improper use of SSL
  • Use of weak password-based systems
  • Failure to store and protect data securely
  • Information leakage
  • Trusting network address resolution
  • Improper file access
  • Race conditions
  • Unauthenticated key exchange
  • Failure to use cryptographically strong random numbers
  • Poor usability


2 thoughts on “19 Deadly Sins Of Software Security

  1. Pingback: SiteMap: Published Articles « Prerna Jain

  2. Pingback: SiteMap: Categorised List Of All Articles « E-Prerna.Com

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s