Synopsis
Practically every day, we read about a new type of attack on computer systems and networks. Viruses, worms, denials of service, and password sniffers are attacking all types of systems -- from banks to major e-commerce sites to seemingly impregnable government and military computers --at an alarming rate.Despite their myriad manifestations and different targets, nearly all attacks have one fundamental cause: the code used to run far too many systems today is not secure. Flaws in its design, implementation, testing, and operations allow attackers all-too-easy access.Secure Coding, by Mark G. Graff and Ken vanWyk, looks at the problem of bad code in a new way. Packed with advice based on the authors' decades of experience in the computer security field, this concise and highly readable book explains why so much code today is filled with vulnerabilities, and tells readers what they must do to avoid writing code that can be exploited by attackers. Writing secure code isn't easy, and there are no quick fixes to bad code. To build code that repels attack, readers need to be vigilant through each stage of the entire code lifecycle:
- Architecture: during this stage, applying security principles such as "least privilege" will help limit even the impact of successful attempts to subvert software.
- Design: during this stage, designers must determine how programs will behave when confronted with fatally flawed input data. The book also offers advice about performing security retrofitting when you don't have the source code -- ways of protecting software from being exploited even if bugs can't be fixed.
- Implementation: during this stage, programmers must sanitize all program input (the character streams representing a programs' entire interface with its environment -- not just the command lines and environment variables that are the focus of most securityanalysis).
- Testing: during this stage, programs must be checked using both static code checkers and runtime testing methods -- for example, the fault injection systems now available to check for the presence of such flaws as buffer overflow.
- Operations: during this stage, patch updates must be installed in a timely fashion. In early 2003, sites that had diligently applied Microsoft SQL Server updates were spared the impact of the Slammer worm that did serious damage to thousands of systems.
"synopsis" may belong to another edition of this title.
About the Author
Kenneth R. van Wyk is an internationally recognized information security expert and author of the O'Reilly Media books, Incident Response and Secure Coding. In addition to providing consulting and training services through his company, KRvW Associates, LLC, he currently holds numerous positions: as a monthly columnist for on-line security portal, eSecurityPlanet, and a Visiting Scientist at Carnegie Mellon University's Software Engineering Institute.
Ken has 20+ years experience as an IT Security practitioner in the academic, military, and commercial sectors. He has held senior and executive technologist positions at Tekmark, Para-Protect, Science Applications International Corporation (SAIC), in addition to the U.S. Department of Defense and Carnegie Mellon and Lehigh Universities.
Ken also served a two-year elected position as a member of the Steering Committee, and a one-year elected position as the Chairman of the Steering Committee, for the Forum of Incident Response and Security Teams (FIRST) organization. At the Software Engineering Institute of Carnegie Mellon University, Ken was one of the founders of the Computer Emergency Response Team (CERT®). He holds an engineering degree from Lehigh University and is a frequent speaker at technical conferences, and has presented papers and speeches for CSI, ISF, USENIX, FIRST, AusCERT, and others. Ken is also a CERT® Certified Computer Security Incident Handler.
Kenneth R. van Wyk is an internationally recognized information security expert and author of the O'Reilly Media books, Incident Response and Secure Coding. In addition to providing consulting and training services through his company, KRvW Associates, LLC, he currently holds numerous positions: as a monthly columnist for on-line security portal, eSecurityPlanet, and a Visiting Scientist at Carnegie Mellon University's Software Engineering Institute.
Ken has 20+ years experience as an IT Security practitioner in the academic, military, and commercial sectors. He has held senior and executive technologist positions at Tekmark, Para-Protect, Science Applications International Corporation (SAIC), in addition to the U.S. Department of Defense and Carnegie Mellon and Lehigh Universities.
Ken also served a two-year elected position as a member of the Steering Committee, and a one-year elected position as the Chairman of the Steering Committee, for the Forum of Incident Response and Security Teams (FIRST) organization. At the Software Engineering Institute of Carnegie Mellon University, Ken was one of the founders of the Computer Emergency Response Team (CERT®). He holds an engineering degree from Lehigh University and is a frequent speaker at technical conferences, and has presented papers and speeches for CSI, ISF, USENIX, FIRST, AusCERT, and others. Ken is also a CERT® Certified Computer Security Incident Handler.
Review
"This is an extremely useful little book in best O'Reilly tradition and I recommend it not only to programmers but also to security architects who work with programmers. It gives you a lot of insights that you don't often come across." Information Security Bulletin, September
"About this title" may belong to another edition of this title.
Other Popular Editions of the Same Title
Search results for Secure Coding: Principles and Practices
Stock Image
Secure Coding: Principles and Practices
Seller: World of Books (was SecondSale), Montgomery, IL, U.S.A.
Seller rating 5 out of 5 stars
Condition: Good. Item in good condition. Textbooks may not include supplemental items i.e. CDs, access codes etc. Seller Inventory # 00095760158
Stock Image
Secure Coding: Principles and Practices
Seller: ThriftBooks-Atlanta, AUSTELL, GA, U.S.A.
Seller rating 5 out of 5 stars
Paperback. Condition: Very Good. No Jacket. May have limited writing in cover pages. Pages are unmarked. ~ ThriftBooks: Read More, Spend Less. Seller Inventory # G0596002424I4N00
Stock Image
Secure Coding: Principles and Practices
Seller: ThriftBooks-Dallas, Dallas, TX, U.S.A.
Seller rating 5 out of 5 stars
Paperback. Condition: Good. No Jacket. Former library book; Pages can have notes/highlighting. Spine may show signs of wear. ~ ThriftBooks: Read More, Spend Less. Seller Inventory # G0596002424I3N10
Stock Image
Secure Coding: Principles and Practices
Seller: ThriftBooks-Dallas, Dallas, TX, U.S.A.
Seller rating 5 out of 5 stars
Paperback. Condition: Very Good. No Jacket. May have limited writing in cover pages. Pages are unmarked. ~ ThriftBooks: Read More, Spend Less. Seller Inventory # G0596002424I4N00
Stock Image
Secure Coding : Principles and Practices
Published by
O'Reilly Media, Incorporated, 2003
ISBN 10: 0596002424
ISBN 13: 9780596002428
Used
Softcover
First Edition
Seller: Better World Books, Mishawaka, IN, U.S.A.
Seller rating 5 out of 5 stars
Condition: Good. 1st Edition. Former library copy. Pages intact with minimal writing/highlighting. The binding may be loose and creased. Dust jackets/supplements are not included. Includes library markings. Stock photo provided. Product includes identifying sticker. Better World Books: Buy Books. Do Good. Seller Inventory # GRP56620135
Stock Image
Secure Coding: Principles and Practices
Seller: HPB-Red, Dallas, TX, U.S.A.
Seller rating 5 out of 5 stars
paperback. Condition: Good. Connecting readers with great books since 1972! Used textbooks may not include companion materials such as access codes, etc. May have some wear or writing/highlighting. We ship orders daily and Customer Service is our top priority! Seller Inventory # S_434892329
Stock Image
Secure Coding: Principles and Practices
Seller: HPB-Diamond, Dallas, TX, U.S.A.
Seller rating 5 out of 5 stars
paperback. Condition: Very Good. Connecting readers with great books since 1972! Used books may not include companion materials, and may have some shelf wear or limited writing. We ship orders daily and Customer Service is our top priority! Seller Inventory # S_457322290
Stock Image
Secure Coding : Principles and Practices
Published by
O'Reilly Media, Incorporated, 2003
ISBN 10: 0596002424
ISBN 13: 9780596002428
Used
Softcover
First Edition
Seller: Better World Books Ltd, Dunfermline, United Kingdom
Seller rating 5 out of 5 stars
Condition: Very Good. 1st Edition. Pages intact with possible writing/highlighting. Binding strong with minor wear. Dust jackets/supplements may not be included. Stock photo provided. Product includes identifying sticker. Better World Books: Buy Books. Do Good. Seller Inventory # GRP105078590
Buy Used
US$ 6.28
US$ 6.82 shipping
Ships from United Kingdom to U.S.A.
Ships from United Kingdom to U.S.A.
Quantity: 1 available
Stock Image
Secure Coding: Principles and Practices
Seller: medimops, Berlin, Germany
Seller rating 5 out of 5 stars
Condition: very good. Gut/Very good: Buch bzw. Schutzumschlag mit wenigen Gebrauchsspuren an Einband, Schutzumschlag oder Seiten. / Describes a book or dust jacket that does show some signs of wear on either the binding, dust jacket or pages. Seller Inventory # M00596002424-V
Buy Used
US$ 6.45
US$ 11.79 shipping
Ships from Germany to U.S.A.
Ships from Germany to U.S.A.
Quantity: 1 available
Stock Image
Secure Coding â" Principles & Practices
Published by
O'Reilly Media, United States, Sebastopol, 2003
ISBN 10: 0596002424
ISBN 13: 9780596002428
Used
Paperback
Seller: WorldofBooks, Goring-By-Sea, WS, United Kingdom
Seller rating 5 out of 5 stars
Paperback. Condition: Very Good. Practically every day, we read about a new type of attack on computer systems and networks. Viruses, worms, denials of service, and password sniffers are attacking all types of systems - from banks to major e-commerce sites to seemingly impregnable government and military computers - at an alarming rate. Despite their myriad manifestations and different targets, nearly all attacks have one fundamental cause: the code used to run far too many systems today is not secure. Flaws in its design, implementation, testing, and operations allow attackers all-too-easy access. This volume looks at the problem of bad code in a new way. It contains advice based on the authors' decades of experience in the computer security field and explains why so much code today is filled with vulnerabilities, and tells readers what they must do to avoid writing code that can be exploited by attackers. Writing secure code isn't easy, and there are no quick fixes to bad code. To build code that repels attack, readers need to be vigilant through each stage of the entire code lifecycle: Architecture: during this stage, applying security principles such as "least privilege" will help limit even the impact of successful attempts to subvert software. Design: during this stage, designers must determine how programs will behave when confronted with fatally flawed input data. The book also offers advice about performing security retrofitting when you don't have the source code - ways of protecting software from being exploited even if bugs can't be fixed. Beyond the technical, "Secure Coding" aims to shed new light on the economic, psychological, and sheer practical reasons why security vulnerabilities are so ubiquitous today. It presents a new way of thinking about these vulnerabilities and ways that developers can compensate for the factors that have produced such unsecured software in the past. It issues a challenge to all those concerned about computer security to finally make a commitment to building code the right way. The book has been read, but is in excellent condition. Pages are intact and not marred by notes or highlighting. The spine remains undamaged. Seller Inventory # GOR002187432
Buy Used
US$ 7.84
US$ 10.63 shipping
Ships from United Kingdom to U.S.A.
Ships from United Kingdom to U.S.A.
Quantity: 2 available