BUY THIS BOOK
Add to Cart

Print Book $29.95


Add to Cart

PDF $23.99

Safari Books Online

What is this?

Add to UK Cart

Print Book £20.95

What is this?

Looking to Reprint or License this content?

Envelope Tell a friend
Secure Coding: Principles and Practices

By Mark G. Graff, Kenneth R. van Wyk
First Edition  June 2003 
Pages: 224
ISBN 10: 0-596-00242-4 | ISBN 13: 9780596002428
starstarstarstarstar (Average of 3 Customer Reviews)

Buy 2 Get 1 Free Free ShippingGuarantee

Book description

Despite their myriad manifestations and different targets, nearly all attacks on computer systems have one fundamental cause: the code used to run far too many systems today is not secure. Flaws in its design, implementation, testing, and operations allow attackers all-too-easy access. Secure Coding: Principles & Practices looks at the problem of bad code in a new way. Packed with advice based on the authors' decades of experience in the computer security field, this concise and highly readable book explains why so much code today is filled with vulnerabilities, and tells readers what they must do to avoid writing code that can be exploited by attackers.
Full Description

Practically every day, we read about a new type of attack on computer systems and networks. Viruses, worms, denials of service, and password sniffers are attacking all types of systems -- from banks to major e-commerce sites to seemingly impregnable government and military computers --at an alarming rate. Despite their myriad manifestations and different targets, nearly all attacks have one fundamental cause: the code used to run far too many systems today is not secure. Flaws in its design, implementation, testing, and operations allow attackers all-too-easy access. Secure Coding, by Mark G. Graff and Ken vanWyk, looks at the problem of bad code in a new way. Packed with advice based on the authors' decades of experience in the computer security field, this concise and highly readable book explains why so much code today is filled with vulnerabilities, and tells readers what they must do to avoid writing code that can be exploited by attackers. Writing secure code isn't easy, and there are no quick fixes to bad code. To build code that repels attack, readers need to be vigilant through each stage of the entire code lifecycle:
  • Architecture: during this stage, applying security principles such as "least privilege" will help limit even the impact of successful attempts to subvert software.
  • Design: during this stage, designers must determine how programs will behave when confronted with fatally flawed input data. The book also offers advice about performing security retrofitting when you don't have the source code -- ways of protecting software from being exploited even if bugs can't be fixed.
  • Implementation: during this stage, programmers must sanitize all program input (the character streams representing a programs' entire interface with its environment -- not just the command lines and environment variables that are the focus of most security analysis).
  • Testing: during this stage, programs must be checked using both static code checkers and runtime testing methods -- for example, the fault injection systems now available to check for the presence of such flaws as buffer overflow.
  • Operations: during this stage, patch updates must be installed in a timely fashion. In early 2003, sites that had diligently applied Microsoft SQL Server updates were spared the impact of the Slammer worm that did serious damage to thousands of systems.
Beyond the technical, Secure Coding sheds new light on the economic, psychological, and sheer practical reasons why security vulnerabilities are so ubiquitous today. It presents a new way of thinking about these vulnerabilities and ways that developers can compensate for the factors that have produced such unsecured software in the past. It issues a challenge to all those concerned about computer security to finally make a commitment to building code the right way.

Browse within this book

Cover | Table of Contents | Colophon


Featured customer reviews

Write a Review


Secure Coding: Principles & Practices Review,  August 14 2003
Rating: StarStarStarStarStar
Submitted by Srinivas   [Respond | View]

Authors explained on how to write secure coding without concentrating on technology or one language, they explained the entire concepts in general which can be implemented in whatever the language you develop your program. As the book says, you don't need to make the same mistake what others did, you learn from their mistakes. Reading this book changes the way you write your programs. If everbody implements secure coding, then will have less bugs in the software resulting less patches to install. Now a days we are finding lot of security updates because of not developing Secure applications.

They tried to explain everything in simple but few topics went over my head, hope I need to concentrate on those topics over and over.

I recommend this book for every one involved in IT projects, not the just developers.




Secure Coding: Principles & Practices Review,  July 29 2003
Rating: StarStarStarStarStar
Submitted by Wade Bicknell   [Respond | View]

Ken and Mark have written the playbook for writing secure code. The book focuses on security principles and doesn't use complicated code-based examples to explain these essential security practices. The authors use very easy-to-understand examples that help to illustrate the security principles they discuss.

Step-by-step, they take readers through the levels of security from the initial architecture right through to the QA process. These practices and examples are not the product of reading what someone else wrote and regurgitating it in another form (as so often security publications are these days) but rather the product of experience, and mistakes. That is truly where this book's value rests.

This book is truly a triumph in security. With a combination of good examples and well thought-out text, this book is a must read.

My only criticism of the book is that people might dismiss it as a coder's guide books by the title. The book is not just for coders, its for anyone involved in anyway with computer security.




Secure Coding: Principles & Practices Review,  July 15 2003
Rating: StarStarStarStarStar
Submitted by Filip   [Respond | View]

This book is great! You should try it

Read all reviews

Media reviews "There are some books that I believe should be mandatory reading for any person studying computer science, information technology auditing, or some other related fields, and that should also be on the must read lists of any technology professional. I do not often come across a book like this. Secure Coding: Principles and Practices by Mark C. Graff and Kenneth R. van Wyk, however, meets my 'must-read' criteria and then some."
-Christopher Byrne, The Business Controls Caddy, July 2005

"'Secure Coding: Principle and Practices' is a good supplement for any software engineer. By addressing software security within the development cycle, many security vulnerabilities can be hedged from the beginning and prepared for when they are found in the future...'Secure Coding' makes a prime guide to incorporating security assessment and development with current and future software projects."
--Cedar Valley Linux Users Group, April 2004
http://www.cedarlug.org/article.php?story=2004040617250150

"Whatever area of software development you are involved in, if you are at all concerned with the security of the finished product (and if not, you almost certainly should be!), then you will find 'Secure Coding' to be an essential read."
--Jon Allen, Birmingham Perl Mongers, March 2004
http://birmingham.pm.org/docs/reviews/securecdng.html

Read all reviews

See larger cover