book

24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them

by Michael Howard, David LeBlanc, John Viega

September 2009

Intermediate to advanced

464 pages

9h 58m

English

McGraw-Hill

Read now

Unlock full access

Overview of the SinCWE ReferencesAffected LanguagesThe Sin ExplainedA Note about LinqSinful C#Sinful PHPSinful Perl/CGISinful PythonSinful Ruby on RailsSinful Java and JDBCSinful C/C++Sinful SQLRelated SinsSpotting the Sin PatternSpotting the Sin During Code ReviewTesting Techniques to Find the SinExample SinsCVE-2006-4953CVE-2006-4592Redemption StepsValidate All InputUse Prepared Statements to Build SQL StatementsC# RedemptionPHP 5.0 and MySQL 4.1 or Later RedemptionPerl/CGI RedemptionPython RedemptionRuby on Rails RedemptionJava Using JDBC RedemptionColdFusion RedemptionSQL RedemptionExtra Defensive MeasuresEncrypt Sensitive, PII, or Confidential DataUse URLScanOther ResourcesSummary
Overview of the SinCWE ReferencesAffected LanguagesThe Sin ExplainedDOM-Based XSS or Type 0Reflected XSS, Nonpersistent XSS, or Type 1Stored XSS, Persistent XSS, or Type 2HTTP Response SplittingCross-Site Request ForgerySinful Ruby on Rails (XSS)Sinful Ruby on Rails (Response Splitting)Sinful CGI Application in Python (XSS)Sinful CGI Application in Python (Response Splitting)Sinful ColdFusion (XSS)Sinful ColdFusion (XSS)Sinful C/C++ ISAPI (XSS)Sinful C/C++ ISAPI (Response Splitting)Sinful ASP (XSS)Sinful ASP (Response Splitting)Sinful ASP.NET Forms (XSS)Sinful ASP.NET (Response Splitting)Sinful JSP (XSS)Sinful JSP (Response Splitting)Sinful PHP (XSS)Sinful PHP (Response Splitting)Sinful CGI Using Perl (XSS)Sinful mod_perl (XSS)Sinful mod_perl (Response Splitting)Sinful HTTP Requests (XSRF)Spotting the Sin PatternSpotting the XSS Sin During Code ReviewSpotting the XSRF Sin During Code ReviewTesting Techniques to Find the SinExample SinsCVE-2003-0712 Microsoft Exchange 5.5 Outlook Web Access XSSCVE-2004-0203 Microsoft Exchange 5.5 Outlook Web Access Response SplittingCVE-2005-1674 Help Center Live (XSS and XSRF)Redemption Steps (XSS and Response Splitting)Ruby on Rails Redemption (XSS)ISAPI C/C++ Redemption (XSS)Python Redemption(XSS)ASP Redemption (XSS)ASP.NET Web Forms Redemption (XSS)ASP.NET Web Forms Redemption (RS)JSP Redemption (XSS)PHP Redemption (XSS)CGI Redemption (XSS)mod_perl Redemption (XSS)Redemption Steps (XSRF)A Note about TimeoutsA Note about XSRF and POST vs. GETRuby on Rails Redemption (XSRF)ASP.NET Web Forms Redemption (XSRF)Non-Draconian Use of HTML EncodeExtra Defensive MeasuresUse HttpOnly CookiesWrap Tag Properties with Double QuotesConsider Using ASP.NET ViewStateUserKeyConsider Using ASP.NET ValidateRequestUse the ASP.NET Security Runtime Engine SecurityConsider Using OWASP CSRFGuardUse Apache::TaintRequestUse UrlScanSet a Default Character SetOther ResourcesSummary

Overview of the SinCWE ReferencesAffected LanguagesThe Sin ExplainedPrivacy Implications of Sinful GadgetsSinful JavaScript and HTMLSpotting the Sin PatternSpotting the Sin During Code ReviewTesting Techniques to Find the SinExample SinsMicrosoft ISA Server XSS CVE-2003-0526Windows Vista Sidebar CVE-2007-3033 and CVE-2007-3032Yahoo! Instant Messenger ActiveX Control CVE-2007-4515Redemption StepsDon’t Trust InputReplace Insecure Constructs with More Secure ConstructsExtra Defensive MeasuresOther ResourcesSummary
Overview of the SinCWE ReferencesAffected LanguagesThe Sin ExplainedMagic URLsPredictable CookiesHidden Form FieldsRelated SinsSpotting the Sin PatternSpotting the Sin During Code ReviewTesting Techniques to Find the SinExample SinsCVE-2005-1784Redemption StepsAttacker Views the DataAttacker Replays the DataAttacker Predicts the DataAttacker Changes the DataExtra Defensive MeasuresOther ResourcesSummary
Overview of the SinCWE ReferencesAffected LanguagesThe Sin Explained64-bit ImplicationsSinful C/C++Related SinsSpotting the Sin PatternSpotting the Sin During Code ReviewTesting Techniques to Find the SinExample SinsCVE-1999-0042CVE-2000-0389–CVE-2000-0392CVE-2002-0842, CVE-2003-0095, CAN-2003-0096CAN-2003-0352Redemption StepsReplace Dangerous String Handling FunctionsAudit AllocationsCheck Loops and Array AccessesReplace C String Buffers with C++ StringsReplace Static Arrays with STL ContainersUse Analysis ToolsExtra Defensive MeasuresStack ProtectionNonexecutable Stack and HeapOther ResourcesSummary
Overview of the SinCWE ReferencesAffected LanguagesThe Sin ExplainedSinful C/C++Related SinsSpotting the Sin PatternSpotting the Sin During Code ReviewTesting Techniques to Find the SinExample SinsCVE-2000-0573CVE-2000-0844Redemption StepsC/C++ RedemptionExtra Defensive MeasuresOther ResourcesSummary
Overview of the SinCWE ReferencesAffected LanguagesThe Sin ExplainedSinful C and C++Sinful C#Sinful Visual Basic and Visual Basic .NETSinful JavaSinful PerlSpotting the Sin PatternSpotting the Sin During Code ReviewC/C++C#JavaVisual Basic and Visual Basic .NETPerlTesting Techniques to Find the SinExample SinsMultiple Integer Overflows in the SearchKit API in Apple Mac OS XInteger Overflow in Google Android SDKFlaw in Windows Script Engine Could Allow Code ExecutionHeap Overrun in HTR Chunked Encoding Could Enable Web Server CompromiseRedemption StepsDo the MathDon’t Use TricksWrite Out CastsUse SafeIntExtra Defensive MeasuresOther ResourcesSummary
Overview of the SinCWE ReferencesAffected LanguagesThe Sin ExplainedSinful Calls to DeleteSinful Copy ConstructorsSinful ConstructorsSinful Lack of ReinitializationSinful Ignorance of STLSinful Pointer InitializationSpotting the Sin PatternSpotting the Sin During Code ReviewTesting Techniques to Find the SinExample SinsCVE-2008-1754Redemption StepsMismatched new and delete RedemptionCopy Constructor RedemptionConstructor Initialization RedemptionReinitialization RedemptionSTL RedemptionUninitialized Pointer RedemptionExtra Defensive MeasuresOther ResourcesSummary
Overview of the SinCWE ReferencesAffected LanguagesThe Sin ExplainedSinful C++ ExceptionsSinful Structured Exception Handling (SEH)Sinful Signal HandlingSinful C#, VB.NET, and JavaSinful RubySpotting the Sin PatternSpotting the Sin During Code ReviewTesting Techniques to Find the SinExample SinsCVE-2007-0038Redemption StepsC++ RedemptionSEH RedemptionSignal Handler RedemptionOther ResourcesSummary
Overview of the SinCWE ReferencesAffected LanguagesThe Sin ExplainedRelated SinsSpotting the Sin PatternSpotting the Sin During Code ReviewTesting Techniques to Find the SinExample SinsCAN-2001-1187CAN-2002-0652Redemption StepsData ValidationWhen a Check FailsExtra Defensive MeasuresOther ResourcesSummary
Overview of the SinCWE ReferencesAffected LanguagesThe Sin ExplainedYielding Too Much InformationIgnoring ErrorsMisinterpreting ErrorsUsing Useless Return ValuesUsing Non-Error Return ValuesSinful C/C++Sinful C/C++ on WindowsRelated SinsSpotting the Sin PatternSpotting the Sin During Code ReviewTesting Techniques to Find the SinExample SinCVE-2007-3798 tcpdump print-bgp.c Buffer Overflow VulnerabilityCVE-2004-0077 Linux Kernel do_mremapRedemption StepsC/C++ RedemptionOther ResourcesSummary
Overview of the SinCWE ReferencesAffected LanguagesThe Sin ExplainedSide ChannelsTMI: Too Much Information!A Model for Information Flow SecuritySinful C# (and Any Other Language)Related SinsSpotting the Sin PatternSpotting the Sin During Code ReviewTesting Techniques to Find the SinThe Stolen Laptop ScenarioExample SinsCVE-2008-4638CVE-2005-1133Redemption StepsC# (and Other Languages) RedemptionNetwork Locality RedemptionExtra Defensive MeasuresOther ResourcesSummary
Overview of the SinCWE ReferencesAffected LanguagesThe Sin ExplainedSinful CodeRelated SinsSpotting the Sin PatternSpotting the Sin During Code ReviewTesting Techniques to Find the SinExample SinsCVE-2008-0379CVE-2008-2958CVE-2001-1349CAN-2003-1073CVE-2000-0849Redemption StepsExtra Defensive MeasuresOther ResourcesSummary
Overview of the SinCWE ReferencesAffected LanguagesThe Sin ExplainedWho Are Your Users?The Minefield: Presenting Security Information to Your UsersRelated SinsSpotting the Sin PatternSpotting the Sin During Code ReviewTesting Techniques to Find the SinExample SinsSSL/TLS Certificate AuthenticationInternet Explorer 4.0 Root Certificate InstallationRedemption StepsWhen Users Are Involved, Make the UI Simple and ClearMake Security Decisions for UsersMake Selective Relaxation of Security Policy EasyClearly Indicate ConsequencesMake It ActionableProvide Central ManagementOther ResourcesSummary
Overview of the SinCWE ReferencesAffected LanguagesThe Sin ExplainedSinful Installation of Additional SoftwareSinful Access ControlsSinful Prompt FatigueSinful IgnoranceSinfully Updating Without NotifyingSinfully Updating One System at a TimeSinfully Forcing a RebootSinfully Difficult PatchingSinful Lack of a Recovery PlanSinfully Trusting DNSSinfully Trusting the Patch ServerSinful Update SigningSinful Update UnpackingSinful User Application UpdatingSpotting the Sin PatternSpotting the Sin During Code ReviewTesting Techniques to Find the SinExample SinsApple QuickTime UpdateMicrosoft SQL Server 2000 PatchesGoogle’s Chrome BrowserRedemption StepsInstallation of Additional Software RedemptionAccess Control RedemptionPrompt Fatigue RedemptionUser Ignorance RedemptionUpdating Without Notifying RedemptionUpdating One System at a Time RedemptionForcing a Reboot RedemptionDifficult Patching RedemptionLack of a Recovery Plan RedemptionTrusting DNS RedemptionTrusting the Patch Server RedemptionUpdate Signing RedemptionUpdate Unpacking RedemptionUser Application Updating RedemptionExtra Defensive MeasuresOther ResourcesSummary
Overview of the SinCWE ReferencesAffected LanguagesThe Sin ExplainedRelated SinsSpotting the Sin PatternSpotting the Sin During Code ReviewTesting Techniques to Find the SinExample SinsRedemption StepsWindows, C, and C++Linux, BSD, and Mac OS X.NET CodeExtra Defensive MeasuresOther ResourcesSummary
Overview of the SinCWE ReferencesAffected LanguagesThe Sin ExplainedWeak Access Controls on Stored DataSinful Access ControlsWeak Encryption of Stored DataRelated SinsSpotting the Sin PatternSpotting the Sin During Code ReviewTesting Techniques to Find the SinExample SinsCVE-2000-0100CVE-2005-1411CVE-2004-0907Redemption StepsC++ Redemption on WindowsC# Redemption on WindowsC/C++ Redemption (GNOME)Extra Defensive MeasuresOther ResourcesSummary
Overview of the SinCWE ReferencesAffected LanguagesThe Sin ExplainedSinful Mobile CodeSinful Mobile Code ContainersRelated SinsSpotting the Sin PatternSpotting the Sin During Code ReviewTesting Techniques to Find the SinExample SinsCVE-2006-2198CVE-2008-1472CVE-2008-5697Redemption StepsMobile Code Container Redemption StepsMobile Code RedemptionsExtra Defensive MeasuresOther ResourcesSummary
Overview of the SinCWE ReferencesAffected LanguagesThe Sin ExplainedPassword CompromiseAllowing Weak PasswordsPassword IterationNot Requiring Password ChangesDefault PasswordsReplay AttacksStoring Passwords Instead of Password VerifiersBrute-Force Attacks Against Password VerifiersRevealing Whether a Failure Is Due to an Incorrect User or PasswordOnline AttacksReturning a Forgotten PasswordRelated SinsSpotting the Sin PatternPassword CompromiseAllowing Weak PasswordsIterated PasswordsNever Changing a PasswordDefault PasswordsReplay AttacksBrute Force Attacks Against Password VerifiersStoring Passwords Instead of Password VerifiersOnline AttacksReturning a Forgotten PasswordSpotting the Sin During Code ReviewTesting Techniques to Find the SinPassword CompromiseReplay AttacksBrute-Force AttacksExample SinsZombies Ahead!Microsoft Office Password to ModifyAdobe Acrobat EncryptionWU-ftpd Core DumpCVE-2005-1505CVE-2005-0432The TENEX BugSarah Palin Yahoo E-Mail CompromiseRedemption StepsPassword Compromise RedemptionWeak Password RedemptionIterated Password RedemptionPassword Change RedemptionDefault Password RedemptionReplay Attack RedemptionPassword Verifier RedemptionOnline Brute-Force Attack RedemptionLogon Information Leak RedemptionForgotten Password RedemptionExtra Defensive MeasuresOther ResourcesSummary
Overview of the SinCWE ReferencesAffected LanguagesThe Sin ExplainedSinful Non-cryptographic GeneratorsSinful Cryptographic GeneratorsSinful True Random Number GeneratorsRelated SinsSpotting the Sin PatternSpotting the Sin During Code ReviewWhen Random Numbers Should Have Been UsedFinding Places That Use PRNGsDetermining Whether a CRNG Is Seeded ProperlyTesting Techniques to Find the SinExample SinsTCP/IP Sequence NumbersODF Document Encryption StandardCVE-2008-0166 Debian “Random” Key GenerationThe Netscape BrowserRedemption StepsWindows, C, and C++Windows with Trusted Platform Module (TPM) Support.NET CodeUnixJavaReplaying Number StreamsExtra Defensive MeasuresOther ResourcesSummary
Overview of the SinCWE ReferencesAffected LanguagesThe Sin ExplainedUsing Home-Grown CryptographyCreating a Protocol from Low-Level Algorithms When a High-Level Protocol Will DoUsing a Weak Cryptographic PrimitiveUsing a Cryptographic Primitive IncorrectlyUsing the Wrong Cryptographic PrimitiveUsing the Wrong Communication ProtocolFailing to Use SaltFailing to Use a Random IVUsing a Weak Key Derivation FunctionFailure to Provide an Integrity CheckFailure to Use Agile EncryptionRelated SinsSpotting the Sin PatternSpotting the Sin During Code ReviewUsing Home-Grown Cryptography (VB.NET and C++)Creating a Protocol from Low-Level Algorithms When a High-Level Protocol Will DoUsing a Weak Cryptographic Primitive (C# and C++)Using a Cryptographic Primitive Incorrectly (Ruby, C#, and C++)Using the Wrong Cryptographic PrimitiveUsing the Wrong Communication ProtocolTesting Techniques to Find the SinExample SinsMicrosoft Office XOR ObfuscationAdobe Acrobat and Microsoft Office Weak KDFRedemption StepsUsing Home-Grown Cryptography RedemptionCreating a Protocol from Low-Level Algorithms When a High-Level Protocol Will Do RedemptionUsing a Weak Cryptographic Primitive RedemptionUsing a Cryptographic Primitive Incorrectly RedemptionUsing the Wrong Cryptographic Primitive RedemptionFailing to Use Salt RedemptionFailing to Use a Random IV RedemptionUsing a Weak Key Derivation Function RedemptionFailure to Provide an Integrity Check RedemptionFailure to Use Agile Encryption RedemptionUsing the Wrong Communication Protocol RedemptionExtra Defensive MeasuresOther ResourcesSummary
Overview of the SinCWE ReferencesAffected LanguagesThe Sin ExplainedRelated SinsSpotting the Sin PatternSpotting the Sin During Code ReviewTesting Techniques to Find the SinExample SinsTCP/IPE-Mail ProtocolsE*TRADERedemption StepsExtra Defensive MeasuresOther ResourcesSummary
Overview of the SinCWE ReferencesAffected LanguagesThe Sin ExplainedRelated SinsSpotting the Sin PatternSpotting the Sin During Code ReviewTesting Techniques to Find the SinExample SinsCVE-2007-4680CVE-2008-2420Redemption StepsEnsuring Certificate ValidityExtra Defensive MeasuresOther ResourcesSummary
Overview of the SinCWE ReferencesAffected LanguagesThe Sin ExplainedSinful ApplicationsRelated SinsSpotting the Sin PatternSpotting the Sin During Code ReviewTesting Techniques to Find the SinExample SinsCVE-2002-0676CVE-1999-0024Redemption StepsOther ResourcesSummary

Content preview from 24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them

SIN 14POOR USABILITY

OVERVIEW OF THE SIN

In their landmark 1974 paper, “The Protection of Information in Computer Systems,” Jerome Saltzer and Michael Schroeder espoused a handful of important design principles; principles that over 35 years later are as valid today as they were back then. The last of these principles is “psychological acceptability,” which states:

It is essential that the human interface be designed for ease of use, so that users routinely and automatically apply the protection mechanisms correctly. Also, to the extent that the user’s mental image of his protection goals matches the mechanisms he must use, mistakes will be minimized. If he must translate his image of his protection needs into a radically different specification ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities

Publisher Resources

ISBN: 9780071626750

24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them

by Michael Howard, David LeBlanc, John Viega

SIN 14POOR USABILITY

OVERVIEW OF THE SIN

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like

The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities

97 Things Every Information Security Professional Should Know

Designing Secure Software

Application Security Program Handbook

Publisher Resources

SIN 14POOR USABILITY

OVERVIEW OF THE SIN

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,and much more.

You might also like

The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities

97 Things Every Information Security Professional Should Know

Designing Secure Software

Application Security Program Handbook

Publisher Resources

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.