Book description
Designing Secure Software consolidates Loren Kohnfelder's more than twenty years of experience into a concise, elegant guide to improving the security of technology products. Written for a wide range of software professionals, it emphasizes building security into software design early and involving the entire team in the process.
The book begins with a discussion of core concepts like trust, threats, mitigation, secure design patterns, and cryptography. The second part, perhaps this book's most unique and important contribution to the field, covers the process of designing and reviewing a software design with security considerations in mind. The final section details the most common coding flaws that create vulnerabilities, making copious use of code snippets written in C and Python to illustrate implementation vulnerabilities.
You'll learn how to:
Identify important assets, the attack surface, and the trust boundaries in a system
Evaluate the effectiveness of various threat mitigation candidates
Work with well-known secure coding patterns and libraries
Understand and prevent vulnerabilities like XSS and CSRF, memory flaws, and more
Use security testing to proactively identify vulnerabilities introduced into code
Review a software design for security flaws effectively and without judgment
Table of contents
- Title Page
- Copyright
- Dedication
- About the Author
- Foreword
- Preface
- Acknowledgments
- Introduction
-
Part I: Concepts
- Chapter 1: Foundations
- Chapter 2: Threats
- Chapter 3: Mitigation
- Chapter 4: Patterns
- Chapter 5: Cryptography
-
Part II: Design
- Chapter 6: Secure Design
- Chapter 7: Security Design Reviews
-
Part III: Implementation
- Chapter 8: Secure Programming
- Chapter 9: Low-Level Coding Flaws
- Chapter 10: Untrusted Input
- Chapter 11: Web Security
- Chapter 12: Security Testing
- Chapter 13: Secure Development Best Practices
- Afterword
-
Appendix A: Sample Design Document
- Title – Private Data Logging Component Design Document
- Section 1 – Product Description
- Section 2 – Overview
- Section 3 – Use Cases
- Section 4 – System Architecture
- Section 5 – Data Design
- Section 6 – API
- Section 7 – User Interface Design
- Section 8 – Technical Design
- Section 9 – Configuration
- Section 10 – References
- Appendix B: Glossary
- Appendix C: Exercises
- Appendix D: Cheat Sheets
- Index
Product information
- Title: Designing Secure Software
- Author(s):
- Release date: November 2021
- Publisher(s): No Starch Press
- ISBN: 9781718501928
You might also like
book
Software Architecture in Practice, 4th Edition
The Definitive, Practical, Proven Guide to Architecting Modern Software--Fully Updated with New Content on Mobility, the …
book
Building Secure and Reliable Systems
Can a system be considered truly reliable if it isn't fundamentally secure? Or can it be …
book
Secure Coding: Principles and Practices
Practically every day, we read about a new type of attack on computer systems and networks. …
book
Fundamentals of Software Architecture
Salary surveys worldwide regularly place software architect in the top 10 best jobs, yet no real …