We are still paying for the security sins of the past, and we are doomed to failure if we don't learn from our history of poorly written software. From some of the most respected authors in the industry, this hard-hitting book is a must-read for any software developer or security zealot.

24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them
Michael Howard, David LeBlanc, John Viega
Foreword by Dan Kaminsky, Director of Penetration Testing, IOActive
Covers Windows, UNIX, Linux, Mac OS X, C, C++, C#, Java, PHP, Perl, Python, Ruby, Visual Basic, Web, Smart-Client Applications, Mobile Applications

REVIEWS FOR 24 DEADLY SINS OF SOFTWARE SECURITY

We are still paying for the security sins of the past and we are doomed to failure if we don't learn from our history of poorly written software. From some of the most respected authors in the industry, this hard-hitting book is a must-read for any software developer or security zealot. Repeat after me: Thou shall not commit these sins.
George Kurtz, co-author of all six editions of Hacking Exposed and senior vice-president and general manager, Risk and Compliance Business Unit, McAfee Security

This little gem of a book provides advice on how to avoid 24 serious problems in your programs and how to check to see if they are present in others. Their presentation is simple, straightforward, and thorough. They explain why these are sins and what can be done about them. This is an essential book for every programmer, regardless of the language they use. It will be a welcome addition to my bookshelf and to my teaching material. Well done.
Matt Bishop, Department of Computer Science, University of California at Davis

The authors have demonstrated once again why they're the who's who of software security. The 24 Deadly Sins of Software Security is a tour de force for developers, security pros, project managers, and anyone who is a stakeholder in the development of quality, reliable, and thoughtfully-secured code.
The book graphically illustrates the most common and dangerous mistakes in multiple languages (C++, C#, Java, Ruby, Python, Perl, PHP, and more) and numerous known-good practices for mitigating these vulnerabilities and redeeming past sins. Its practical prose walks readers through spotting patterns that are predictive of sinful code from high-level application .