Book Review: "24 Deadly Sins of Software Security"
This is a great and concise text within the information security world. The original, "19 Deadly Sins of Software Security", is highly renowned, as is the sequel; both average 4.5 stars on Amazon. There are also many good reviews of this book out there, as it is aimed at both security enthusiasts and developers. Therefore, I'm not going to do an in-depth review, but rather just list the 24 'Sins' in their four categories, with descriptive links. One of the major criticisms of this book is that the 'Sins' overlap and are loosely typed; nonetheless, I feel they are important to highlight! Because of the loose classification I give this book 7/10 stars, although it is still a great summary of modern security exposures. Many of these sins also map directly onto entries in MITRE's Common Weakness Enumeration (CWE).
Web Application Sins
1) SQL Injection
2) Web Server-Related Vulnerabilities (XSS, XSRF, and Response Splitting)
3) Web Client-Related Vulnerabilities (XSS)
4) Use of Magic URLs, Predictable Cookies, and Hidden Form Fields
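Sin 1 is the one most worth seeing in code. The following is an added example, not code from the book or the reviewer: a constructed in-memory SQLite user table, a login function that concatenates untrusted input into the query text, and the parameterized version that fixes it. The table layout, the sample rows and the `root' --` payload are all assumptions made up for the demonstration.

```python
import sqlite3


def make_db():
    # Constructed sample data for the demo (not from the book).
    # Plaintext passwords are used only for brevity; storing them this way
    # would itself be sin 17 (failure to protect stored data).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT, is_admin INTEGER)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", 0), ("root", "hunter2", 1)],
    )
    return conn


def login_vulnerable(conn, user, password):
    # Sin 1: untrusted input is pasted into the SQL text, so the attacker
    # controls the grammar of the statement, not just its data.
    query = (
        "SELECT name FROM users WHERE name = '%s' AND password = '%s'"
        % (user, password)
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn, user, password):
    # Fix: bound parameters. The driver passes the values separately from
    # the statement, so quotes and comment markers in them are just bytes.
    row = conn.execute(
        "SELECT name FROM users WHERE name = ? AND password = ?",
        (user, password),
    ).fetchone()
    return row[0] if row else None


def demo():
    conn = make_db()
    # "--" starts a line comment in SQLite, so the password check is
    # dropped from the vulnerable query entirely.
    payload = "root' --"
    return {
        "vulnerable": login_vulnerable(conn, payload, "wrong"),  # "root"
        "safe": login_safe(conn, payload, "wrong"),              # None
        "legit": login_safe(conn, "alice", "s3cret"),            # "alice"
    }


if __name__ == "__main__":
    print(demo())
```

Against the vulnerable function the payload logs in as `root` without a password; against the parameterized function the same string is simply a user name that does not exist.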
Implementation Sins
5) Buffer Overflows
6) Format String Problems
7) Integer Overflows
8) C++ Catastrophes
9) Catching Exceptions
10) Command Injection
11) Failure to Handle Errors Correctly
12) Information Leakage
13) Race Conditions
14) Poor Usability
15) Not Updating Easily
16) Executing Code with Too Much Privilege (Over-Privileged Code)
17) Failure to Protect Stored Data
18) The Sins of Mobile Code
Cryptographic Sins
19) Use of Weak Password-Based Systems
20) Weak Random Numbers
21) Using Cryptography Incorrectly
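Sin 20 is easy to underestimate, so here is an added example (not code from the book or the reviewer) that shows why a seeded, non-cryptographic PRNG is a problem. It builds a hypothetical password-reset token from Python's Mersenne Twister seeded with the wall clock, then plays the attacker who knows roughly when the token was issued and brute-forces the seed; the fix uses the `secrets` module. The token format, the fixed timestamp and the search window are assumptions for the demonstration.

```python
import random
import secrets
import time


def weak_reset_token(seed):
    # Sin 20: token derived from a seeded, non-cryptographic PRNG.
    # Anyone who can guess the seed can regenerate the token.
    rng = random.Random(seed)
    return "%08x" % rng.getrandbits(32)


def issue_weak_token(now=None):
    # Typical mistake: seeding with the current time in seconds.
    seed = int(now if now is not None else time.time())
    return seed, weak_reset_token(seed)


def recover_weak_token(token, approx_time, window=600):
    # Attacker side: the reset e-mail timestamp gives approx_time, so only
    # a small range of seeds has to be tried (2*window+1 candidates).
    for seed in range(approx_time - window, approx_time + window + 1):
        if weak_reset_token(seed) == token:
            return seed
    return None


def strong_reset_token():
    # Fix: a CSPRNG-backed token. There is no seed to recover and 128 bits
    # of entropy cannot be brute-forced.
    return secrets.token_hex(16)


def demo():
    # Constructed issue time so the run is deterministic.
    issued_at = 1_700_000_000
    seed, token = issue_weak_token(issued_at)
    # The attacker's estimate is off by 42 seconds, well inside the window.
    recovered = recover_weak_token(token, issued_at + 42)
    return {
        "token": token,
        "recovered_seed": recovered,
        "attack_works": recovered is not None
        and weak_reset_token(recovered) == token,
        "strong_token_len": len(strong_reset_token()),
    }


if __name__ == "__main__":
    print(demo())
```

The brute force completes in a fraction of a second because the effective key space is the attacker's timing uncertainty, not the 32-bit output. Note that even an unseeded `random.Random()` is unsafe for tokens: Mersenne Twister state can be reconstructed from 624 consecutive outputs, which is why the fix changes the generator rather than the seed.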
Networking Sins
22) Failing to Protect Network Traffic
23) Improper Use of PKI, Especially SSL
24) Trusting Network Name Resolution
There are also brief abstracts in the book for people who want to know more about any particular subject. Enjoy exploring these must-know vulnerability classes and weaknesses!