The Software Vulnerability Guide

Posted by Ben Rothke

The Software Vulnerability Guide is an excellent resource for software developers. 

Every month, hundreds of security vulnerabilities and advisories are announced. Although they cover a wide range of products and programs, the underlying cause is generally the same: insecurely written software. When code is written without attention to security (as most software today is), serious security flaws are inevitable. 

The Software Vulnerability Guide was written to help software developers learn the techniques needed to write secure code and to find existing problems in deployed software. After making a persuasive case for secure code in part one, the book progresses into the areas that are crucial to writing secure software. 

Part two of the book covers system-level attacks and details important topics such as passwords, scripts and macros, and dynamic linking and loading of libraries (DLLs). Part three plunges into attacks on the software itself, exploring heady concepts such as buffer overflows, format-string vulnerabilities, and integer overflow vulnerabilities. Most of these attack classes have been known for years but are only now receiving wide-scale attention. 
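To make the part-three material concrete, here is an added example (written for this review, not code from the book) of how an integer overflow turns into a buffer overflow: a length check that adds two attacker-controlled sizes can wrap around and admit a copy that runs off the end of the destination. The message format, the function names and the buffer sizes are assumptions chosen for illustration.

```c
/* Added example: an integer-overflow length check that lets a heap/stack
 * buffer overflow through, beside the hardened form. Illustrative code,
 * not from the book; the message layout and names are assumptions. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* A message is a header followed by a body. The two lengths are supplied by
 * the caller; in a real protocol they come from the wire and are therefore
 * attacker-controlled. */

/* Vulnerable check: hdr_len + body_len is computed in size_t and silently
 * wraps around, so a huge body_len can produce a small sum that passes the
 * bound. A memcpy guarded by this check would overflow the destination.
 * Returns 1 if the check would allow the copy, 0 otherwise. */
int vulnerable_length_ok(size_t hdr_len, size_t body_len, size_t buf_size)
{
    return hdr_len + body_len <= buf_size;   /* wraps on overflow */
}

/* Hardened check: detect the wraparound before comparing against the bound. */
int hardened_length_ok(size_t hdr_len, size_t body_len, size_t buf_size)
{
    if (body_len > SIZE_MAX - hdr_len)       /* the sum would wrap */
        return 0;
    return hdr_len + body_len <= buf_size;
}

/* Assemble hdr||body into a fixed-size buffer using the hardened check.
 * Returns the number of bytes written, or -1 if the input is rejected. */
long assemble_message(char *dst, size_t dst_size,
                      const char *hdr, size_t hdr_len,
                      const char *body, size_t body_len)
{
    if (!hardened_length_ok(hdr_len, body_len, dst_size))
        return -1;
    memcpy(dst, hdr, hdr_len);
    memcpy(dst + hdr_len, body, body_len);
    return (long)(hdr_len + body_len);
}

int main(void)
{
    char buf[64];

    /* Constructed benign input: a 4-byte header and a 5-byte body. */
    long n = assemble_message(buf, sizeof buf, "HDR:", 4, "hello", 5);
    printf("benign message: %ld bytes written\n", n);

    /* Constructed hostile lengths: 16 + (SIZE_MAX - 8) wraps to 7, which is
     * well under 64, so the vulnerable check accepts it. No copy is performed
     * here; the point is the decision each check makes. */
    size_t evil_body_len = SIZE_MAX - 8;
    printf("vulnerable check accepts wrapped length: %d\n",
           vulnerable_length_ok(16, evil_body_len, sizeof buf));
    printf("hardened check accepts wrapped length:   %d\n",
           hardened_length_ok(16, evil_body_len, sizeof buf));
    return 0;
}
```

The same pattern appears wherever a size is computed from untrusted fields (length-prefixed records, image dimensions multiplied into an allocation size, index arithmetic); the fix is always to check for wraparound on the arithmetic itself rather than only on its result.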

Further chapters delve into securing data and Web servers. For each of the vulnerabilities mentioned, the authors describe how they occur and how to prevent them. 

An enclosed CD-ROM contains the software examples described in the text, plus various open-source security testing tools, including Ethereal, Nessus, and Nmap. Any business serious about writing secure software should ensure that all of its code writers receive a copy of this book.

Ben Rothke

Senior Information Security Manager, Tapad

Blogs posted to the website are intended for educational purposes only and do not replace independent professional judgment.  Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.
