Skip to Content
Secure Programming with Static Analysis
book

Secure Programming with Static Analysis

by Brian Chess, Jacob West
June 2007
Intermediate to advanced
624 pages
16h 18m
English
Addison-Wesley Professional
Content preview from Secure Programming with Static Analysis

5. Handling Input

Distrust and caution are the parents of security.

–BENJAMIN FRANKLIN

The most important defensive measure developers can take is to thoroughly validate the input their software receives. Input Validation and Representation is Kingdom #1 because unchecked or improperly checked input is the source of some of the worst vulnerabilities around, including buffer overflow, SQL injection, and a whole host of others.

Ask your local software security guru to name the single most important thing that developers can do to write secure code, and nine out of ten will tell you, “Never trust input.” Now try saying “Never trust input” to a group of programmers, and take stock of the quizzical looks on their faces. This edict meets with some ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

You might also like

Secure Programming Cookbook for C and C++

Secure Programming Cookbook for C and C++

John Viega, Matt Messier
Secure Coding: Principles and Practices

Secure Coding: Principles and Practices

Mark G. Graff, Kenneth R. van Wyk
Hands-On Security in DevOps

Hands-On Security in DevOps

Tony Hsiang-Chih Hsu
Securing DevOps

Securing DevOps

Julien Vehent

Publisher Resources

ISBN: 9780321424778Purchase book