SANS InfoSec Reading Room - Securing Code
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.
Featuring 22 papers as of Aug 20, 2008
JavaScript Hijacking
Fortify Software - August 2007
- Secure Authentication on the Internet
- Roger Meyer
- February 1, 2008

- Software Engineering – Security as a Process in the SDLC
- Nithin Haridas
- August 7, 2007

- How to Avoid Information Disclosure when Managing Windows with WMI
- Alex Timkov
- July 17, 2007

- Threat Modeling: A Process To Ensure Application Security
- Steven Burns
- October 5, 2005

- A Proactive Approach To Information Security
- Sandeep Gupta
- July 24, 2004

- Defeating Overflow Attacks
- Jason Deckard
- June 9, 2004

- A Security Checklist for Web Application Design
- Gail Bayse
- May 2, 2004

- Insecurity of Inputs to CGI Program
- Suhairi Mohd Jawi
- October 31, 2003

- The Security Challenges of Offshore Development
- Rob Ramer
- October 31, 2003

- Improving Software Security During Development
- Robert W. Usher
- October 31, 2003

- Inside the Buffer Overflow Attack: Mechanism, Method, & Prevention
- Mark E. Donaldson
- October 31, 2003

- Security Techniques for Mobile Code
- Nathan Macrides
- October 31, 2003

- Securely Programming in C
- Sayed Jamil Ahmed
- October 31, 2003

- Secure Software Development and Code Analysis Tools
- Thien La
- October 31, 2003

- Designing Secure Solutions with .NET
- Bill Ferreira
- October 31, 2003

- A Web Developer's Guide to Cross-Site Scripting
- Steven Cook
- October 31, 2003

- A Tour of TOCTTOUs
- Craig Lowery
- October 31, 2003

- XML Web Services Security and Web based Application Security
- Chris Kwabi
- October 31, 2003

- Web Application Security - Layers of Protection
- William Fredholm
- February 10, 2003

- The Intrinsic Hole In Information Security
- Douglas Gaer
- August 15, 2002

- SQL Injection: Modes of Attack, Defence, and Why It Matters
- Stuart McDonald
- July 18, 2002
