19 Deadly sins of software security: Programming flaws and how to fix them
- New Delhi: Tata McGraw-Hill Publishing Company Limited, 2005
- 1-281
1. Buffer overruns
2. Format string problems
3. Integer overflows
4. SQL injection
5. Command injection
6. Failing to handle errors
7. Cross-site scripting
8. Failing to protect network traffic
9. Use of magic URLs and hidden form fields
10. Improper use of SSL and TLS
11. Use of weak password-based systems
12. Failing to store and protect data securely
13. Information leakage
14. Improper file access
15. Trusting network name resolution
16. Race conditions
17. Unauthenticated key exchange
18. Cryptographically strong random numbers
19. Poor usability