---

CONTENTS OF THE BOOK

Introduction
Overview of the purpose, scope, and structure of the document.

Background
Foundational concepts needed for understanding secure programming.

• History of Unix, Linux, and Open Source / Free Software
  • Unix
  • Free Software Foundation
  • Linux
  • Open Source / Free Software
  • Comparing Linux and Unix
• Security Principles
• Why Programmers Write Insecure Code
• Is Open Source Good for Security?
  • Views of Various Experts
  • Why Closing the Source Doesn’t Halt Attacks
  • Why Keeping Vulnerabilities Secret Doesn’t Help
  • How Open Source Counters Trojan Horses
  • Other Advantages
  • Summary
• Types of Secure Programs
• Paranoia as a Virtue in Security
• Purpose of This Document
• Sources of Design and Implementation Guidelines
• Other Security Information Sources
• Document Conventions

Summary of Linux and Unix Security Features
Key architectural security aspects of Unix-like systems.

• Processes
  • Process Attributes
  • POSIX Capabilities
  • Process Creation and Management
• Files
  • Filesystem Object Attributes
  • POSIX Access Control Lists (ACLs)
    • History of ACLs
    • Data Used in ACLs
  • Creation Time Initial Values
  • Changing Access Control Attributes
  • Using Access Controls
  • Filesystem Hierarchy
• System V IPC
• Sockets and Network Connections
• Signals
• Quotas and Limits
• Dynamically Linked Libraries
• Audit
• PAM (Pluggable Authentication Modules)
• Specialized Security Extensions

Security Requirements
Understanding Common Criteria and security objectives.

• Introduction to Common Criteria
• Security Environment and Objectives
• Functional Security Requirements
• Assurance Measures

Validate All Input
Principles and techniques of safe input handling.

• Basics of Input Validation
• Tools & Regular Expressions
  • Introduction to Regex
  • Validation with Regex
  • ReDoS Attacks
• Command Line Inputs
• Environment Variables
• File Descriptors
• File Names & Contents
• Web-based Inputs (CGI and similar)
• Other Forms of Input
• Locale Selection
• Character Encoding (incl. UTF-8 issues)
• Preventing Cross-site Malicious Input
• HTML/URI Filtering and Validation
• Forbidding Dangerous HTTP GET Actions
• Countering Spam
• Limiting Input Time & Load

Restrict Operations to Buffer Bounds (Avoid Buffer Overflow)
Buffer safety across languages, especially C/C++.

• Dangers in C/C++
• Library Solutions
• Compiler Solutions
• Safer Alternatives & Other Languages

Design Your Program for Security
Security-focused design principles and practices.

• Good Security Design Principles
• Securing Interfaces
• Separating Data and Control
• Minimizing Privileges (various techniques)
• Minimizing Functionality
• Avoiding Setuid/Setgid Scripts
• Safe Configuration & Defaults
• Safe Initialization
• Failing Safely
• Avoiding Race Conditions
• Trusted Channels and Paths
• Internal Consistency Checks
• Resource Limiting
• Preventing Cross-Site Scripting (XSS)
• Foiling Semantic Attacks
• Data Type Safety
• Avoiding Complexity Attacks

Carefully Call Out to Other Resources
Safe use of libraries, OS calls, and external interactions.

• Safe Library Calls
• Limiting Values Passed Outward
• Handling Metacharacters
  • SQL Injection
  • Shell Injection
  • Pathname Issues
• Using Programmer-intended Interfaces
• Checking System Call Returns
• Avoiding vfork()
• Countering Web Bugs
• Hiding Sensitive Information

Send Information Back Judiciously
Safe output handling to avoid leaks.

• Minimizing Feedback
• Avoiding Comments
• Handling Unresponsive Output
• Format String Safety
• Controlling Output Encoding
• Preventing Configuration File Exposure

Language-Specific Issues

• C/C++
• Perl
• Python
• Shell Scripting
• Ada
• Java
• Tcl
• PHP

Special Topics

• Password Management
• Web Authentication
  • Logging In
  • Session Actions
  • Logging Out
• Random Numbers
• Protecting Secrets in Memory
• Cryptography
  • Protocols
  • Symmetric & Public Key Algorithms
  • Hashing
  • Integrity Checking
• Using PAM
• Security Tools
• Windows CE
• Audit Records
• Physical Emissions
• Miscellaneous Issues

Book Description

“Secure Programming HOWTO: Creating Secure Software” is not your typical dry security manual. It’s a practical, straight-talking guide packed with wisdom for developers who want their code to survive in the wild. The author dives right into the nitty-gritty of secure coding without drowning you in jargon or endless theory. If you’re tired of security books that sound like they were written for robots, this one’s a breath of fresh air. You’ll find relatable examples, clear explanations, and even a few moments that might make you smile (yes, really!).

Book Overview

This book covers the core principles of secure programming, from design basics to implementation tips. It’s structured so you can jump straight to the sections you needno need to read cover-to-cover unless you want to binge-learn (hey, some people do!). The advice is grounded in real-world scenarios, not just textbook theory. You’ll see why certain mistakes happen over and over, and more importantly, how to avoid them yourself. The author isn’t afraid to point out common traps or share hard-earned lessons. That honesty makes this book stand out.

Why Read This Book

Let’s be honest: writing secure software isn’t always the most glamorous task. But skipping it? That’s just asking for trouble! This book makes security approachableeven enjoyable. You don’t need to be a security guru to understand what’s going on here. The author explains tough concepts in plain English and peppers in helpful analogies (and maybe a dad joke or two). If you’ve ever felt overwhelmed by security checklists or confused by acronyms, this guide will set you straight without making you feel like an amateur.

Who This Book Is For

If you’re building softwarewebsites, apps, toolsyou’ll find something useful here. Maybe you’re new to coding and want to start off on the right foot, or maybe you’re a seasoned developer who’s seen one too many security breaches (ugh). This book is also great for IT managers who want their teams to level up their security game without putting everyone to sleep in the process. Basically, if you care even a little bit about not getting hacked or having your project go sideways because of a silly mistake, this book’s got your back.

What You Will Learn

• The fundamentals of secure programming (yes, there’s more than just passwords!)
• How to spot and fix common coding vulnerabilities before they bite you
• Best practices for designing systems that are tough for attackers to crack
• Why input validation matters way more than most people think
• How attackers really thinkand how you can stay one step ahead
• Practical examples that show what works (and what absolutely doesn’t)
• Tactics for keeping your code secure as it grows and changes over time
• The importance of testingand how not to make it a chore
• Tips for building a team culture where everyone cares about security

Report Broken Link

File Copyright Claim