Security & Privacy
Secure Code
4 Mar 2002
I read a review of what sounds like an interesting book, "Writing Secure Code" by Michael Howard and David LeBlanc. Unfortunately, the review was in an email newsletter and there isn’t a Web version, so I can’t link to it, but here’s an excerpt.
In later chapters, like those on "The Buffer Overrun", "Determining Access Control", "Running with Least Privilege," "Storing Secrets" and others, they deal with what you might call the 10 demons of modern software—the weak coding practices which make the end product vulnerable to attack.