Secure Coding: Principles and Practices

3.44 avg rating
( 39 ratings by Goodreads )
 
9780596002428: Secure Coding: Principles and Practices
View all copies of this ISBN edition:
 
 

Practically every day, we read about a new type of attack on computer systems and networks. Viruses, worms, denials of service, and password sniffers are attacking all types of systems -- from banks to major e-commerce sites to seemingly impregnable government and military computers --at an alarming rate.Despite their myriad manifestations and different targets, nearly all attacks have one fundamental cause: the code used to run far too many systems today is not secure. Flaws in its design, implementation, testing, and operations allow attackers all-too-easy access.Secure Coding, by Mark G. Graff and Ken vanWyk, looks at the problem of bad code in a new way. Packed with advice based on the authors' decades of experience in the computer security field, this concise and highly readable book explains why so much code today is filled with vulnerabilities, and tells readers what they must do to avoid writing code that can be exploited by attackers. Writing secure code isn't easy, and there are no quick fixes to bad code. To build code that repels attack, readers need to be vigilant through each stage of the entire code lifecycle:

  • Architecture: during this stage, applying security principles such as "least privilege" will help limit even the impact of successful attempts to subvert software.
  • Design: during this stage, designers must determine how programs will behave when confronted with fatally flawed input data. The book also offers advice about performing security retrofitting when you don't have the source code -- ways of protecting software from being exploited even if bugs can't be fixed.
  • Implementation: during this stage, programmers must sanitize all program input (the character streams representing a programs' entire interface with its environment -- not just the command lines and environment variables that are the focus of most securityanalysis).
  • Testing: during this stage, programs must be checked using both static code checkers and runtime testing methods -- for example, the fault injection systems now available to check for the presence of such flaws as buffer overflow.
  • Operations: during this stage, patch updates must be installed in a timely fashion. In early 2003, sites that had diligently applied Microsoft SQL Server updates were spared the impact of the Slammer worm that did serious damage to thousands of systems.
Beyond the technical, Secure Coding sheds new light on the economic, psychological, and sheer practical reasons why security vulnerabilities are so ubiquitous today. It presents a new way of thinking about these vulnerabilities and ways that developers can compensate for the factors that have produced such unsecured software in the past. It issues a challenge to all those concerned about computer security to finally make a commitment to building code the right way.

"synopsis" may belong to another edition of this title.

About the Author:

Mark Graff is Chief Cyber Security Officer for Lawrence Livermore National Lab and was formerly Network Security Architect and Security Coordinator at Sun Microsystems. He has been a Congressional expert witness, has lectured on network security topics at the Pentagon, and has appeared before the Presidential Commission on Infrastructure Survivability.Ken van Wyk is Director of Technology for Tekmark Global Service's Technology Risk Management (TGS-TRM) practice, and was Chief Technology Officer and Co-Founder of security firm Para-Protect Services. He was one of the founders of the Computer Emergency Response Team (CERT).

Review:

"This is an extremely useful little book in best O'Reilly tradition and I recommend it not only to programmers but also to security architects who work with programmers. It gives you a lot of insights that you don't often come across." Information Security Bulletin, September

"About this title" may belong to another edition of this title.

Other Popular Editions of the Same Title

9780613912051: Secure Coding: Principles and Practices

Featured Edition

ISBN 10:  0613912055 ISBN 13:  9780613912051
Publisher: Sagebrush Education Resources, 2003
Hardcover

Top Search Results from the AbeBooks Marketplace

1.

Mark G. Graff, Kenneth R. van Wyk
Published by O'Reilly Media (2003)
ISBN 10: 0596002424 ISBN 13: 9780596002428
New Paperback Quantity Available: 2
Seller:
Save With Sam
(North Miami, FL, U.S.A.)
Rating
[?]

Book Description O'Reilly Media, 2003. Paperback. Condition: New. Brand New!. Seller Inventory # VIB0596002424

More information about this seller | Contact this seller

Buy New
US$ 63.81
Convert currency

Add to Basket

Shipping: FREE
Within U.S.A.
Destination, rates & speeds

2.

Graff, Mark G.; Wyk, Kenneth R. van
Published by O'Reilly Media
ISBN 10: 0596002424 ISBN 13: 9780596002428
New PAPERBACK Quantity Available: 1
Seller:
Cloud 9 Books
(Wellington, FL, U.S.A.)
Rating
[?]

Book Description O'Reilly Media. PAPERBACK. Condition: New. 0596002424 New Condition. Seller Inventory # NEW7.0231628

More information about this seller | Contact this seller

Buy New
US$ 59.99
Convert currency

Add to Basket

Shipping: US$ 4.99
Within U.S.A.
Destination, rates & speeds

3.

Mark G. Graff; Kenneth R. van Wyk
Published by O'Reilly Media (2003)
ISBN 10: 0596002424 ISBN 13: 9780596002428
New Softcover Quantity Available: 1
Seller:
Irish Booksellers
(Portland, ME, U.S.A.)
Rating
[?]

Book Description O'Reilly Media, 2003. Condition: New. book. Seller Inventory # M0596002424

More information about this seller | Contact this seller

Buy New
US$ 76.05
Convert currency

Add to Basket

Shipping: US$ 3.27
Within U.S.A.
Destination, rates & speeds