Epilogue
To a large extent, this book is about all of the little things that programmers need to get right in order to create secure code. The devil is in the remarkably long list of details that, if overlooked or misunderstood, give attackers what they need to compromise a system. We’ve looked at endemic problems such as buffer overflow in C and session management with HTTP. We’ve seen numerous cases where security hinges on seemingly unrelated trivia: ignoring error conditions, using the wrong output encoding, or giving away too much information about the system.
Fewer words have gone towards the design decisions that affect software security. Good design and good implementation need each other; one is useless without the other. But design ...
Get Secure Programming with Static Analysis now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
