Sverre H. Huseby
ISBN: 0-470-85744-7
Paper
246 pages
December 2003
This concise and practical book will show where code vulnerabilities lie and how best to fix them. Its value is in showing where most coding errors lie, without needing to delve into the specifics of each system architecture, programming or scripting language or application. It provides illustrations with real code. This entertaining book shows how to change your mindset from website construction to website destruction in order to find dangerous code. Abundant examples from susceptible sites will bring the material alive to coders and help them learn about:

- SQL Injection, shell command injection and other attacks based on mishandling meta-characters
- what to do when bad input is detected
- how HTML can be inserted, what it can do and how to prevent it
- how attackers trick users into performing actions and how to prevent it
- clear-text passwords, secret numbers and how attackers get access to server-side secrets
- hidden enemies such as project deadlines, salesmen, messy code and tight budgets


