Foundations of Security - What Every Programmer Needs to Know

"Security is an area of increasing and grave concern to programmers. Security attacks abound, and all too often the ""way in"" for the perpetrators is through a ""hole"" left by an unwary programmer. For example, there is the case of some forty million credit card numbers having been exposed to hackers by a company then known as CardSystems, and hundreds of thousands of them stolen. Forty million people suddenly had their credit and finances put at risk. How were those numbers exposed? They were taken in what is called a ""SQL injection"" attack, one made possible by a likely anonymous programmer many levels down in the CardSystems hierarchy who simply was unaware of the ultimate danger inherent in the code that he was writing. CardSystems suffered greatly from the publicity surrounding the successful attack, and no longer exists today as an independent company. It was recently made public that the CardSystems data breach which exposed 40 million credit cards in 2005 (arguably the worst cyberattack of all time, to date, and also investigated by Congress and the FTC) was due to SQL injection and weak passwords. For background, see http://www.webappsec.org/projects/whid/list_id_2004-17.shtml Also, see clause 6 of the FTC commission report:http://www.ftc.gov/os/caselist/0523148/0523148complaint.pdf Fallout from the security breach, http://www.strategy-business.com/press/sbkw2/sbkwarticle/sbkw051130) Software developers today need to worry about security as never before. They need clear guidance on safe coding practices, and that's exactly what Fundamentals of Security: What Ever Programmer Needs to Know delivers. This isn't a book that goes deep into theory, or that rants on about the politics of security. This is a book that clearly and simply lays out the most common threats that programmers need to defend against. And then the book shows programmers how to make their defense. The book takes a broad focus, ranging over SQL injection, worms and buffer overflows, password security, and more. The book is written to appeal to all programmers, not just those using a particular language. It introduces programmers to the entire gamut of security threats that they might face, and sets those programmers on the path towards successfully defending against those threats."