Uwe Hermann | A slightly paranoid Debian developer

Michael Howard, David LeBlanc and John Viega have written a book called The 19 Deadly Sins of Software Security, which is to be published soon.

It explains the most important security issues one encounters in the software industry in a Design Patterns-like format. Each software security Sin is structured according to the following sections: Overview, The Sin Explained, Sample Code Defect, Spotting the Defect Pattern, Spotting the Defect during Code Review, Testing the Defect during Test, Example Defects, Redemption Steps, Extra Defensive Measures, Other Resources, Summary.

The 19 chapters, or Sins, each 10-15 pages long:

1. Buffer Overflows
2. Format String problems
3. SQL injection
4. Command injection
5. Failure to handle errors
6. Cross-site scripting
7. Failing to protect network traffic
8. Use of "magic" URLs and hidden forms
9. Improper use of SSL
10. Use of weak password-based systems
11. Failing to store and protect data
12. Information leakage
13. Improper file access
14. Integer range errors
15. Trusting network address information
16. Signal race conditions
17. Unauthenticated key exchange
18. Failing to use cryptographically strong random numbers
19. Poor usability

(via Dana Epp)