REVIEWSFOR24DEADLYSINSOFSOFTWARESECURITY“Wearestillpayingforthesecuritysinsofthepastandwearedoomedtofailureifwedon’tlearnfromourhistoryofpoorlywrittensoftware.Fromsomeofthemostrespectedauthorsintheindustry,thishard-hittingbookisamust-readforanysoftwaredeveloperorsecurityzealot.Repeatafterme–‘Thoushallnotcommitthesesins!’”—GeorgeKurtz,co-authorofallsixeditionsofHackingExposedandseniorvice-presidentandgeneralmanager,RiskandComplianceBusinessUnit,McAfeeSecurity“Thislittlegemofabookprovidesadviceonhowtoavoid24seriousproblemsinyourprograms—andhowtochecktoseeiftheyarepresentinothers.Theirpresentationissimple,straightforward,andthorough.Theyexplainwhythesearesinsandwhatcanbedoneaboutthem.Thisisanessentialbookforeveryprogrammer,regardlessofthelanguagetheyuse.Itwillbeawelcomeadditiontomybookshelf,andtomyteachingmaterial.Welldone!”—MattBishop,DepartmentofComputerScience,UniversityofCaliforniaatDavis“Theauthorshavedemonstratedonceagainwhythey’rethe‘who’swho’ofsoftwaresecurity.The24DeadlySinsofSoftwareSecurityisatourdeforcefordevelopers,securitypros,projectmanagers,andanyonewhoisastakeholderinthedevelopmentofquality,reliable,andthoughtfully-securedcode.Thebookgraphicallyillustratesthemostcommonanddangerousmistakesinmultiplelanguages(C++,C#,Java,Ruby,Python,Perl,PHP,andmore)andnumerousknown-goodpracticesformitigatingthesevulnerabilitiesand‘redeeming’pastsins.Itspracticalprosewalksreadersthroughspottingpatternsthatarepredictiveofsinfulcode(fromhigh-levelapplicationfunctionstocode-levelstringsearches),softwaretestingapproaches,andharnessesforrefiningoutvulnerableelements,andreal-worldexamplesofattacksthathavebeenimplementedinthewild.Theadviceandrecommendationsaresimilarlydown-to-earthandwrittenfromtheperspectiveofseasonedpractitionerswhohaveproducedhardened—andusable—softwareforconsumptionbyawiderangeofaudiences,fromconsumerstoopensourcecommunitiestolarge-scalecommercialenterprises.GetthisBibleofsoftwaresecuritytoday,andgoandsinnomore!”—JoelScambray,CEOofC...
