TY - BOOK
AU - Howard, Michael
AU - LeBlanc, David
TI - Writing Secure Code: Practical Strategies and Techniques for Secure Application Coding in a Networked World
SN - 0735617228
PY - 2003///
CY - Redmond, Washington
PB - Microsoft Press
KW - Computer security
KW - Data encryption (Computer science)
N1 - Part I Contemporary Security. 1 The Need for Secure Systems. 2 The Proactive Security Development Process. 3 Security Principles to Live By. 4 Threat Modeling. Part II Secure Coding Techniques. 5 Public Enemy #1: The Buffer Overrun. 6 Determining Appropriate Access Control. 7 Running with Least Privilege. 8 Cryptographic Foibles. 9 Protecting Secret Data. 10 All Input Is Evil!. 11 Canonical Representation Issues. 12 Database Input Issues. 13 Web-Specific Input Issues. 14 Internationalization Issues. Part III Even More Secure Coding Techniques. 15 Socket Security. 16 Securing RPC, Active Controls, and DCOM. 17 Protecting Against Denial of Service Attacks. 18 Writing Secure .NET Code. Part IV Special Topics. 19 Security Testing. 20 Performing a Security Code Review. 21 Secure Software Installation. 22 Building Privacy into Your Application. 23 General Good Practices. 24 Writing Security Documentation and Error Messages. Part V Appendixes. A Dangerous APIs. B Ridiculous Excuses We've Heard. C A Designer's Security Checklist. D A Developer's Security Checklist. E A Tester's Security Checklist
ER -