CHAPTER 27
Writing Secure Software

This chapter covers some representative security vulnerabilities in software that enable common attacks, along with some remedies and defensive strategies. Some issues are specific to certain languages, while others are language-agnostic. This vulnerability/mitigation approach to describing secure programming techniques is not the only way to present the information. Another technique is to provide secure coding guidance at the mechanical level, structuring the content around common situations programmers can recognize, such as handling data, managing resources, handling events, and using third-party tools for enhanced security. Microsoft and CERT have produced guidelines organized ...