Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and we were aware of a trademark claim, the designations have been printed in initial capital letters or in all capitals.
The authors and publisher have taken care in the preparation of this book, but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for incidental or consequential damages in connection with or arising out of the use of the information or programs contained herein.
Copyright © 2002 by Addison-Wesley
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior consent of the publisher. Printed in the United States of America. Published simultaneously in Canada.
The publisher offers discounts on this book when ordered in quantity for special sales. For more information, please contact:
U.S. Corporate and Government Sales
(800) 382-3419
[email protected]
Visit us on the Web at www.awprofessional.com
Library of Congress Cataloging-in-Publication Data
Viega, John.
Building secure software : how to avoid security problems the
right way / Viega, John, McGraw, Gary.
p. cm.
Includes bibliographical references and index.
ISBN 0-201-72152-X
1. Computer software—Development. 2. Computer security.
3. System design. I. McGraw, Gary, 1966– II. Title.
QA76.76.D47 V857 2001
005.1—dc21 2001046055
ISBN 0-201-72152-X
Text printed in the United States on recycled paper at RR Donnelley Crawfordsville in Crawfordsville, Indiana.
9th Printing June 2008
18.219.111.195