Secure Coding: Principles and Practices by Mark G. Graff, Kenneth R. Van Wyk
Book Summary Information
Author: Kenneth R. Van Wyk, Mark G. Graff
Edition: Paperback
Format: Illustrated
Published: 2003-07
ISBN: 0596002424
Number of pages: 200
Publisher: O'Reilly Media, Inc.
Book Reviews of Secure Coding: Principles and Practices
Book Review: Looking to get started with Software Security? Start Here.
Summary: 5 Stars
When my clients are starting down the road to software security and ask me what book is the best starting place, this is the one I recommend.
The hardest thing about software security is that in most organizations no one person or group really owns it. So you have this dichotomy where software people don't really have the requisite security knowledge, and security people don't really understand all the details of software development. It is difficult to navigate the terrain in between these domains, in a way that is specific enough to be understandable and actionable, without overwhelming the reader from one background or the other. This is what makes Secure Coding such a great starting point.
Chapter 1 hits a number of important software security issues, and most importantly for software developers, provides an intro to thinking about the software design from the attacker's point of view. The authors also hit an extremely important point on composition, quoting an expert bridge player saying "No one made any mistakes. Only the result was ridiculous." The fact that most OO and distributed systems are built on composition is a major issue in security because security mechanisms and protocols are generally not composable.
Chapters 2 and 3 examine security architecture and design; this is generally where the most egregious issues come into play. As with the majority of the book, there are actionable steps laid out to help you incorporate the secure coding principles the authors describe. And the authors detail a good balance of what to do and what not to do. Too many security books only address the latter.
Chapters 4, 5, and 6 look at the remainder of the development lifecycle, defining practical ways to integrate security into software implementation, testing, and operations. What is most valuable in the authors' approach is that a top-down methodology is not required on the part of the enterprise to begin down the software security path. The authors do describe some top-down techniques, but each and every phase described in the book contains numerous actions that enterprises can adopt with little to no cost. For example, the implementation chapter looks at peer reviews and checklists for secure coding, and the operations chapter looks at specific ways to implement security event logging; there is effectively a very low barrier to entry for organizations to deploy any number of the concepts described in this book.
This book does not contain the nth layer of every major security design decision you need to make, but it is a great place to begin the journey. Quoting Martin Fowler: "comprehensiveness is the enemy of comprehensibility."
Summary of Secure Coding: Principles and Practices
Practically every day, we read about a new type of attack on computer systems and networks. Viruses, worms, denials of service, and password sniffers are attacking all types of systems -- from banks to major e-commerce sites to seemingly impregnable government and military computers -- at an alarming rate. Despite their myriad manifestations and different targets, nearly all attacks have one fundamental cause: the code used to run far too many systems today is not secure. Flaws in its design, implementation, testing, and operations allow attackers all-too-easy access.
"Secure Coding," by Mark G. Graff and Ken van Wyk, looks at the problem of bad code in a new way. Packed with advice based on the authors' decades of experience in the computer security field, this concise and highly readable book explains why so much code today is filled with vulnerabilities, and tells readers what they must do to avoid writing code that can be exploited by attackers. Writing secure code isn't easy, and there are no quick fixes to bad code. To build code that repels attack, readers need to be vigilant through each stage of the entire code lifecycle:
Architecture: during this stage, applying security principles such as "least privilege" will help limit even the impact of successful attempts to subvert software.
Design: during this stage, designers must determine how programs will behave when confronted with fatally flawed input data. The book also offers advice about performing security retrofitting when you don't have the source code -- ways of protecting software from being exploited even if bugs can't be fixed.
Implementation: during this stage, programmers must sanitize all program input (the character streams representing a program's entire interface with its environment -- not just the command lines and environment variables that are the focus of most security analysis).
Testing: during this stage, programs must be checked using both static code checkers and runtime testing methods -- for example, the fault injection systems now available to check for the presence of such flaws as buffer overflow.
Operations: during this stage, patch updates must be installed in a timely fashion. In early 2003, sites that had diligently applied Microsoft SQL Server updates were spared the impact of the Slammer worm that did serious damage to thousands of systems.
Beyond the technical, "Secure Coding" sheds new light on the economic, psychological, and sheer practical reasons why security vulnerabilities are so ubiquitous today. It presents a new way of thinking about these vulnerabilities and ways that developers can compensate for the factors that have produced such unsecured software in the past. It issues a challenge to all those concerned about computer security to finally make a commitment to building code the right way.
Reversing: Secrets of Reverse Engineering, by Eldad Eilam; Wiley; Published: 2005-04-15; Paperback; Book; Best price: $19.88; Price in other shops: $40.00
Threat Modeling (Microsoft Professional), by Frank Swiderski, Window Snyder; Microsoft Press; Published: 2004-07-14; Paperback; Book; Best price: $26.05; Price in other shops: $34.99
The Art of Software Security Testing: Identifying Software Security Flaws (Symantec Press), by Chris Wysopal, Lucas Nelson, Dino Dai Zovi, Elfriede Dustin; Addison-Wesley Professional; Published: 2006-11-27; Paperback; Book; Best price: $39.17; Price in other shops: $49.99
Software Fault Injection: Inoculating Programs Against Errors, by Jeffrey M. Voas, Gary McGraw; John Wiley & Sons; Published: 1998-01-28; Hardcover; Book; Best price: $7.49; Price in other shops: $70.00
Java Security: Hostile Applets, Holes & Antidotes, by Gary McGraw, Edward Fellen, Edward Felten; John Wiley & Sons Inc (Computers); Published: 1996-12; Paperback; Book; Best price: $0.87; Price in other shops: $19.95
Securing Java: Getting Down to Business with Mobile Code, 2nd Edition, by Gary McGraw, Edward W. Felten; Wiley; Published: 1999-01-25; Paperback; Book; Best price: $6.00; Price in other shops: $34.99
Secure Systems Development with UML, by Jan Jürjens; Springer; Published: 2004-11-23; Hardcover; Book; Best price: $49.90; Price in other shops: $84.95
Designing Secure Software, by Michael Howard, David LeBlanc; McGraw-Hill Education; Published: 2007-03-01; Paperback; Book
Secure PHP Development: Building 50 Practical Applications, by Mohammed J. Kabir; Wiley; Published: 2003-03-15; Paperback; Book; Best price: $6.00; Price in other shops: $50.00
Building Secure Microsoft ASP.NET Applications (Pro-Developer), by Microsoft Corporation; Microsoft Press; Published: 2003-02-01; Paperback; Book; Best price: $9.94; Price in other shops: $49.99
The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws, by Dafydd Stuttard, Marcus Pinto; Wiley; Published: 2007-10-22; Paperback; Book; Best price: $26.73; Price in other shops: $50.00
Building Secure Software: How to Avoid Security Problems the Right Way (Addison-Wesley Professional Computing Series), by John Viega, Gary McGraw; Addison-Wesley Professional; Published: 2001-10-04; Hardcover; Book; Best price: $13.99; Price in other shops: $59.99
Secure Coding in C and C++ (SEI Series in Software Engineering), by Robert C. Seacord; Addison-Wesley Professional; Published: 2005-09-19; Paperback; Book; Best price: $31.63; Price in other shops: $44.99
Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Input Validation & More, by John Viega, Matt Messier; O'Reilly Media, Inc.; Published: 2003-07-14; Paperback; Book; Best price: $37.36; Price in other shops: $69.99
Hunting Security Bugs, by Tom Gallagher, Lawrence Landauer, Bryan Jeffries; Microsoft Press; Published: 2006-06-09; Paperback; Book; Best price: $1.99; Price in other shops: $49.99
The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities, by Mark Dowd, John McDonald, Justin Schuh; Addison-Wesley Professional; Published: 2006-11-30; Paperback; Book; Best price: $39.94; Price in other shops: $54.99
The Security Development Lifecycle, by Michael Howard, Steve Lipner; Microsoft Press; Published: 2006-06-28; Paperback; Book; Best price: $5.18; Price in other shops: $34.99
Software Security: Building Security In (Addison-Wesley Software Security Series), by Gary McGraw; Addison-Wesley Professional; Published: 2006-02-02; Paperback; Book; Best price: $25.00; Price in other shops: $54.99
Writing Secure Code, Second Edition, by Michael Howard, David LeBlanc; MICROSOFT PRESS - LB&C; Microsoft Press; Published: 2003-01-04; Paperback; Book; Best price: $13.80; Price in other shops: $49.99
19 Deadly Sins of Software Security (Security One-off), by Michael Howard, David LeBlanc, John Viega; McGraw-Hill Osborne Media; Published: 2005-07-26; Paperback; Book; Best price: $11.98; Price in other shops: $41.99