"Programmer's Ultimate Security DeskRef" Released by Syngress
[Posted November 9, 2004 by cook]
| From: | "Kathryn Barrett" <syngresspr-AT-oreilly.com> |
| To: | lwn-AT-lwn.net |
| Subject: | "Programmer's Ultimate Security DeskRef" Released by Syngress |
| Date: | Tue, 09 Nov 2004 13:37:22 -0800 |
Syngress Publishing Announces Publication of
"Programmer's Ultimate Security DeskRef"
Programming Security Encyclopedia Provides Easy Look Up for Top Languages
Contact: Amy Pedersen
781-681-5151 x12
amy@syngress.com
Rockland, MA - Syngress Publishing, Inc., today announced the publication
of "Programmer's Ultimate Security DeskRef" (ISBN: 1-932266-72-0), by
James C. Foster, a comprehensive guide to the security flaws in the top 13
programming languages.
Amorette Pedersen, Vice President of Syngress Publishing, said, "With the
help of the 'Programmer's Ultimate Security DeskRef' programmers can be
sure the code they write is truly secure. This book covers the most
popular programming languages, including ASP, C, C++, C#, ColdFusion,
JavaScript, JScript, Lisp, Perl, PHP, Python, VBA, and VBScript. Each
function or method documented in this book is followed by a series of
elements created to help programmers program responsibly by calling
awareness to each function's purpose, risk, origin, resources, and more.
It's a great tool."
The book makes a great companion to other best practices coding books and
is unique in that it is the only book that provides by function/by
language lookup. Each function or method documented in this book is
followed by a series of elements created to help programmers program
responsibly by calling awareness to each function's purpose, risk, origin,
resources, and more. Each function is organized in the following way:
-Prototype: This is where you will find the function's prototype or the
method's proper implementation usage.
-Summary: Describes the function or method and its intended use.
-Description: Contains a detailed explanation of how the function should
be used and when it should not be used. It also has explanations for any
parameters the function or method may accept as input, in addition to
providing detail on returned values.
-Risk: Informs the readers of the particular security threat posed when
implementing the function or method. It recommends more secure
alternatives, secure usage, bolt-on alternatives, and other types of
clear, developer-focused solutions.
-Note: Any additional comments that pertain to the function.
-Additional Resources: These resources are included for additional
information on the programmatic particulars of the language, function, or
method. All resources consist of web links to educational websites,
Microsoft, or other commercial powerhouses.
-Impact: The impact will be High, Medium or Low, signifying a potential
high-level result that a poorly implemented function or method may have on
the application.
-Cross Reference: Cross references are similar functions and methods that
are available for use in the language. For example, the C language printf
may have cross references of sprintf and snprintf.
Author James Foster added, "This book is the first of its kind--written to
educate programmers about coding security specifics at the source level.
Like writers turn to the dictionary, programmers will turn to the
'DeskRef' to check themselves."
Languages covered: ASP, C, C++, C#, ColdFusion, JavaScript, JScript, LISP,
Perl, PHP, Python, VBA, and VBScript.
BOOK DETAILS
Programmer's Ultimate Security DeskRef
ISBN: 1-932266-72-0
PRICE: $49.95 U.S.
PAGE COUNT: 496 PP
About the Author
James C. Foster is the Deputy Director of Global Security Solution
Development for Computer Sciences Corporation, where he is responsible for
the vision and development of physical, personnel, and data security
solutions. Prior to CSC, Foster was the Director of Research and
Development for Foundstone, Inc. (acquired by McAfee) and was responsible
for all aspects of product, consulting, and corporate R&D initiatives.
Prior to joining Foundstone, Foster was an Executive Advisor and Research
Scientist with Guardent, Inc. (acquired by Verisign) and an adjunct author
at Information Security Magazine (acquired by TechTarget), subsequent to
working as Security Research Specialist for the Department of Defense.
With his core competencies residing in high-tech remote management,
international expansion, application security, protocol analysis, and
search algorithm technology, Foster has conducted numerous code reviews
for commercial OS components, Win32 application assessments, and reviews
on commercial-grade cryptography implementations.
Foster is a seasoned speaker and has presented throughout North America at
conferences, technology forums, security summits, and research symposiums
with highlights at the Microsoft Security Summit, Black Hat USA, Black Hat
Windows, MIT Wireless Research Forum, SANS, MilCon, TechGov, InfoSec World
2001, and the Thomson Security Conference. He also is commonly asked to
comment on pertinent security issues and has been cited in USAToday,
Information Security Magazine, Baseline, Computer World, Secure Computing,
and the MIT Technologist. Foster holds an A.S., B.S., MBA and numerous
technology and management certifications and has attended or conducted
research at the Yale School of Business, Harvard University, the
University of Maryland, and is currently a Fellow at University of
Pennsylvania's Wharton School of Business.
Foster is also a well-published author with multiple commercial and
educational papers, and has authored, contributed, or edited for major
publications including "Snort 2.1 Intrusion Detection" (Syngress
Publishing, ISBN: 1-931836-04-3), "Hacking Exposed, Fourth Edition,"
"Anti-Hacker Toolkit, Second Edition," "Advanced Intrusion Detection,"
"Hacking the Code: ASP.NET Web Application Security" (Syngress, ISBN:
1-932266-65-8), "Anti-Spam Toolkit," and the forthcoming "Google Hacking
for Penetration Techniques" (Syngress, ISBN: 1-931836-36-1).
Background Information
Syngress Publishing (www.syngress.com), headquartered in Rockland,
Massachusetts, is an independent publisher of print and electronic
reference materials for Information Technology professionals seeking skill
enhancement and career advancement. Distributed throughout Europe, Asia,
and the U.S. and Canada, Syngress titles have been translated into twenty
languages. The company's pioneering customer support program,
solutions@syngress.com, extends the value of every Syngress title with
regular information updates and customer-driven author forums. For more
information on Syngress products, contact Amy Pedersen at 781-681-5151 or
email amy@syngress.com. Syngress books are distributed in the United
States and Canada by O'Reilly Media, Inc.