24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them

SIN 12INFORMATION LEAKAGE

OVERVIEW OF THE SIN

When we talk about information leakage as a security risk, we’re talking about the attacker getting data that leads to a breach of security or privacy policy, whether implicit or explicit. The data itself could be the goal (such as customer data), or the data can provide information that leads the attacker to his goal.

At a high level, there are three ways in which information gets leaked:

Accidentally The data is considered valuable, but it got out anyway, perhaps due to a logic problem in the code, or perhaps through a nonobvious channel. Or the data would be considered valuable if the designers ...

Get 24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them by Michael Howard, David LeBlanc, John Viega

SIN 12INFORMATION LEAKAGE

OVERVIEW OF THE SIN

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly