his essential book for all software developers?regardless of platform, language, or type of application?outlines the “19 deadly sins” of software security and shows how to fix each one. Best-selling authors Michael Howard and David LeBlanc, who teach Microsoft employees how to secure code, have partnered with John Viega, the man who uncovered the 19 deadly programming sins to write this much-needed book. Coverage includes:
- Windows, UNIX, Linux, and Mac OS X
- C, C++, C#, Java, PHP, Perl, and Visual Basic
- Web, small client, and smart-client applications
Format string problems may be one of the newest types of attacks to emerge but they are insidious and rank No. 2 on the “deadly sins.” The most strongly affected language is C/C++. A successful attack can lead immediatelyto the execution of arbitrary code, and to information disclosure.
Download the PDF of Chapter 2, “Format String Problems.”
Reproduced from “19 Deadly Sins of Software Security” by permission of McGraw-Hill/Osborne. 0072260858, copyright 2005. All rights reserved.