1. Home
  2. Networking
  3. Network security assessment

13.10 Recommended Secure Development Reading

Prevention is the best form of protection from application-level threats such as overflows and logic flaws. The following four books discuss secure programming techniques and approaches (primarily with C programming examples across Unix and Windows platforms):

  • Writing Secure Code, by Michael Howard and David LeBlanc (Microsoft Press)

  • Secure Coding: Principles and Practices, by Mark Graff and Kenneth van Wyk (O'Reilly Media, Inc.)

  • Building Secure Software, by Gary McGraw and John Viega (Addison Wesley)

  • Secure Programming Cookbook for C and C++, by Matt Messier and John Viega (O'Reilly)



    		Network Security Assessment
    		Foreword
    		Preface
    		Chapter 1. Network Security Assessment
    		Chapter 2. The Tools Required
    		Chapter 3. Internet Host and Network Enumeration
    		Chapter 4. IP Network Scanning
    		Chapter 5. Assessing Remote Information Services
    		Chapter 6. Assessing Web Services
    		Chapter 7. Assessing Remote Maintenance Services
    		Chapter 8. Assessing FTP and Database Services
    		Chapter 9. Assessing Windows Networking Services
    		Chapter 10. Assessing Email Services
    		Chapter 11. Assessing IP VPN Services
    		Chapter 12. Assessing Unix RPC Services
    		Chapter 13. Application-Level Risks
    		13.1 The Fundamental Hacking Concept
    		13.2 The Reasons Why Software Is Vulnerable
    		13.3 Network Service Vulnerabilities and Attacks
    		13.4 Classic Buffer-Overflow Vulnerabilities
    		13.5 Heap Overflows
    		13.6 Integer Overflows
    		13.7 Format String Bugs
    		13.8 Memory Manipulation Attacks Recap
    		13.9 Mitigating Process Manipulation Risks
    		13.10 Recommended Secure Development Reading
    		Chapter 14. Example Assessment Methodology
    		Appendix A. TCP, UDP Ports, and ICMP Message Types
    		Appendix B. Sources of Vulnerability Information
    		Colophon