"This book provides a set of design and implementation
guidelines for writing secure programs for Linux and Unix systems.
Such programs include application programs used as viewers of
remote data, web applications (including CGI scripts), network
servers, and setuid/setgid programs. This document includes
specific guidance for a number of languages, including C, C++,
Java, Perl, Python, and Ada95.
"This is version 3.005, dated 30 December 2002.
Compared to version 3.000, this version adds new text on
handling tmp files where there are tmp cleaners running (true on
most real systems--this causes particular problems with mktemp(1)),
notes on avoiding buffer overflow in FD_SET/FD_CLR(), and a long
discussion on a new attack against web-based systems: session
fixation. I also added text about protecting secrets in