Application Source Code Security Handbook for Developers, Auditors, and Security Professionals
Book format: An electronic version of a printed book that can be read on a computer or handheld device designed specifically for this purpose.
Publisher: Charles River Media - Date: 6/16/2009
By: Shreeraj Shah, Gurpreet Kochar, Vimal Patel
Application source code, independent of languages and platforms, is a major source of vulnerabilities. A survey on vulnerability distribution suggests that 64% of the time, a vulnerability crops up due to programming errors and 36% of the time, due to configuration issues. According to IBM labs, there is a possibility of at least one security issue in every 1,500 lines of code. To avoid these sorts of security issues, one needs to follow sound secure coding and design principles. It is also imperative to know code review methodologies and audit strategies to assess the quality of code before deploying it to production. This book will serve as a handbook for all developers, auditors, and security professionals involved with securing a corporate code base. It contains many hands-on concepts, methodologies, and tools that enhance secure coding and review capabilities in the domain of code security, in the context of the current security knowledge base.