Secure Programming
So a couple of weeks ago, I was searching all around the web and all the local book stores for good books on secure programming. Nowhere was I able to find a decent book, and I was pretty disappointed at the end to know that there are no books out there that deal with secure programming. I came across 2 of them, but both were on Windows. Came across the Linux-Unix secure programming howto. But that too was very disappointing. It gives an overview of various aspects, but does not explain anything. All I found were stray articles on the web at various security sites.
So I have been collecting notes for the past couple of weeks, and finally have decided to put them up on the web, so that others can use them too. Eventually, if possible, I wanna make this a complete book which deals with secure programming in Unix. I have started writing some stuff, and will put it up soon on the web. People who wanna contribute are totally welcome 🙂
ah I don't mean to be an ass, so if this comes out rude just realize I've been having hardware problems all night with an MCSE in my ear.
the secure programming howto is the base for just about everything you need to know; it, with a little bit of what I know, provided the base for a presentation I gave at the local .edu called ‘secure programming’.
at any rate, perhaps the problem is you're too busy reading and not applying.
yeah I know how it feels to be with those dumb MCSE guys 😉
I just looked back at the howto. I agree it's an amazing doc, which covers almost every aspect of security. It's almost like the bible. I am not saying the howto is bad. Just that it does not give you hands-on stuff about secure programming. I am looking at more like a cookbook. In fact what you put up a couple of days ago about buffer overflows is the kinda stuff that I am looking for.
Another excellent doc to look at is OWASP. That's more detailed, but deals only with web applications.
Also I hope to make this more like the O’Reilly version of secure programming.
here is what I was working from; it doesn't have much for commentary, but does for a hands-on approach.
http://community.core-sdi.com/~gera/InsecureProgramming/