Designing Secure Software

Designing Secure Software

by Loren Kohnfelder
Released November 2021
Publisher(s): No Starch Press
ISBN: 9781718501928

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Book description

Designing Secure Software consolidates Loren Kohnfelder's more than twenty years of experience into a concise, elegant guide to improving the security of technology products. Written for a wide range of software professionals, it emphasizes building security into software design early and involving the entire team in the process.



The book begins with a discussion of core concepts like trust, threats, mitigation, secure design patterns, and cryptography. The second part, perhaps this book's most unique and important contribution to the field, covers the process of designing and reviewing a software design with security considerations in mind. The final section details the most common coding flaws that create vulnerabilities, making copious use of code snippets written in C and Python to illustrate implementation vulnerabilities.



You'll learn how to:



Identify important assets, the attack surface, and the trust boundaries in a system

Evaluate the effectiveness of various threat mitigation candidates

Work with well-known secure coding patterns and libraries

Understand and prevent vulnerabilities like XSS and CSRF, memory flaws, and more

Use security testing to proactively identify vulnerabilities introduced into code

Review a software design for security flaws effectively and without judgment

Table of contents

  1. Title Page
  2. Copyright
  3. Dedication
  4. About the Author
  5. Foreword
  6. Preface
  7. Acknowledgments
  8. Introduction
    1. Who Should Read This Book?
    2. What Topics Does the Book Cover?
      1. Part I: Concepts
      2. Part II: Design
      3. Part III: Implementation
      4. Conclusion
      5. Appendices
    3. Good, Safe Fun
  9. Part I: Concepts
    1. Chapter 1: Foundations
      1. Understanding Security
      2. Trust
        1. Feeling Trust
        2. You Cannot See Bits
        3. Competence and Imperfection
        4. Trust Is a Spectrum
        5. Trust Decisions
        6. Implicitly Trusted Components
        7. Being Trustworthy
      3. Classic Principles
        1. Information Security’s C-I-A
        2. The Gold Standard
        3. Privacy
    2. Chapter 2: Threats
      1. The Adversarial Perspective
      2. The Four Questions
      3. Threat Modeling
        1. Work from a Model
        2. Identify Assets
        3. Identify Attack Surfaces
        4. Identify Trust Boundaries
        5. Identify Threats
        6. Mitigate Threats
      4. Privacy Considerations
      5. Threat Modeling Everywhere
    3. Chapter 3: Mitigation
      1. Addressing Threats
      2. Structural Mitigation Strategies
        1. Minimize Attack Surfaces
        2. Narrow Windows of Vulnerability
        3. Minimize Data Exposure
      3. Access Policy and Access Controls
      4. Interfaces
      5. Communication
      6. Storage
    4. Chapter 4: Patterns
      1. Design Attributes
        1. Economy of Design
        2. Transparent Design
      2. Exposure Minimization
        1. Least Privilege
        2. Least Information
        3. Secure by Default
        4. Allowlists over Blocklists
        5. Avoid Predictability
        6. Fail Securely
      3. Strong Enforcement
        1. Complete Mediation
        2. Least Common Mechanism
      4. Redundancy
        1. Defense in Depth
        2. Separation of Privilege
      5. Trust and Responsibility
        1. Reluctance to Trust
        2. Accept Security Responsibility
      6. Anti-Patterns
        1. Confused Deputy
        2. Backflow of Trust
        3. Third-Party Hooks
        4. Unpatchable Components
    5. Chapter 5: Cryptography
      1. Crypto Tools
      2. Random Numbers
        1. Pseudo-Random Numbers
        2. Cryptographically Secure Pseudo-Random Numbers
      3. Message Authentication Codes
        1. Using MACs to Prevent Tampering
        2. Replay Attacks
        3. Secure MAC Communications
      4. Symmetric Encryption
        1. One-Time Pad
        2. Advanced Encryption Standard
        3. Using Symmetric Cryptography
      5. Asymmetric Encryption
        1. The RSA Cryptosystem
      6. Digital Signatures
      7. Digital Certificates
      8. Key Exchange
      9. Using Crypto
  10. Part II: Design
    1. Chapter 6: Secure Design
      1. Integrating Security in Design
        1. Making Design Assumptions Explicit
        2. Defining the Scope
        3. Setting Security Requirements
        4. Threat Modeling
      2. Building in Mitigations
        1. Designing Interfaces
        2. Designing Data Handling
      3. Integrating Privacy into Design
      4. Planning for the Full Software Life Cycle
      5. Making Trade-offs
      6. Design Simplicity
    2. Chapter 7: Security Design Reviews
      1. SDR Logistics
        1. Why Conduct an SDR?
        2. When to Conduct an SDR
        3. Documentation Is Essential
      2. The SDR Process
        1. 1. Study
        2. 2. Inquire
        3. 3. Identify
        4. 4. Collaborate
        5. 5. Write
        6. 6. Follow Up
      3. Assessing Design Security
        1. Using the Four Questions as Guidance
        2. Where to Dig
        3. Privacy Reviews
        4. Reviewing Updates
      4. Managing Disagreement
        1. Communicate Tactfully
        2. Case Study: A Difficult Review
        3. Escalating Disagreements
      5. Practice, Practice, Practice
  11. Part III: Implementation
    1. Chapter 8: Secure Programming
      1. The Challenge
        1. Malicious Influence
        2. Vulnerabilities Are Bugs
        3. Vulnerability Chains
        4. Bugs and Entropy
        5. Vigilance
      2. Case Study: GotoFail
        1. One-Line Vulnerability
        2. Beware of Footguns
        3. Lessons from GotoFail
      3. Coding Vulnerabilities
        1. Atomicity
        2. Timing Attacks
        3. Serialization
      4. The Usual Suspects
    2. Chapter 9: Low-Level Coding Flaws
      1. Arithmetic Vulnerabilities
        1. Fixed-Width Integer Vulnerabilities
        2. Floating-Point Precision Vulnerabilities
        3. Example: Floating-Point Underflow
        4. Example: Integer Overflow
        5. Safe Arithmetic
      2. Memory Access Vulnerabilities
        1. Memory Management
        2. Buffer Overflow
        3. Example: Memory Allocation Vulnerabilities
        4. Case Study: Heartbleed
    3. Chapter 10: Untrusted Input
      1. Input Validation
        1. Determining Validity
        2. Validation Criteria
        3. Rejecting Invalid Input
        4. Correcting Invalid Input
      2. Character String Vulnerabilities
        1. Length Issues
        2. Unicode Issues
      3. Injection Vulnerabilities
        1. SQL Injection
        2. Path Traversal
        3. Regular Expressions
        4. Dangers of XML
      4. Mitigating Injection Attacks
    4. Chapter 11: Web Security
      1. Build on a Framework
      2. The Web Security Model
        1. The HTTP Protocol
        2. Digital Certificates and HTTPS
        3. The Same Origin Policy
        4. Web Cookies
      3. Common Web Vulnerabilities
        1. Cross-Site Scripting
        2. Cross-Site Request Forgery
      4. More Vulnerabilities and Mitigations
    5. Chapter 12: Security Testing
      1. What Is Security Testing?
      2. Security Testing the GotoFail Vulnerability
        1. Functional Testing
        2. Functional Testing with the Vulnerability
        3. Security Test Cases
        4. The Limits of Security Tests
      3. Writing Security Test Cases
        1. Testing Input Validation
        2. Testing for XSS Vulnerabilities
      4. Fuzz Testing
      5. Security Regression Tests
      6. Availability Testing
        1. Resource Consumption
        2. Threshold Testing
        3. Distributed Denial-of-Service Attacks
      7. Best Practices for Security Testing
        1. Test-Driven Development
        2. Leveraging Integration Testing
        3. Security Testing Catch-Up
    6. Chapter 13: Secure Development Best Practices
      1. Code Quality
        1. Code Hygiene
        2. Exception and Error Handling
        3. Documenting Security
        4. Security Code Reviews
      2. Dependencies
        1. Choosing Secure Components
        2. Securing Interfaces
        3. Don’t Reinvent Security Wheels
        4. Contending with Legacy Security
      3. Vulnerability Triage
        1. DREAD Assessments
        2. Crafting Working Exploits
        3. Making Triage Decisions
      4. Maintaining a Secure Development Environment
        1. Separating Development from Production
        2. Securing Development Tools
        3. Releasing the Product
  12. Afterword
    1. Call to Action
      1. Security Is Everyone’s Job
      2. Baking in Security
    2. Future Security
      1. Improving Software Quality
      2. Managing Complexity
      3. From Minimizing to Maximizing Transparency
      4. Improving Software Authenticity, Trust, and Responsibility
    3. Delivering the Last Mile
    4. Conclusion
  13. Appendix A: Sample Design Document
    1. Title – Private Data Logging Component Design Document
    2. Section 1 – Product Description
    3. Section 2 – Overview
      1. 2.1 Purpose
      2. 2.2 Scope
      3. 2.3 Concepts
      4. 2.4 Requirements
      5. 2.5 Non-Goals
      6. 2.6 Outstanding Issues
      7. 2.7 Alternative Designs
    4. Section 3 – Use Cases
    5. Section 4 – System Architecture
    6. Section 5 – Data Design
    7. Section 6 – API
      1. 6.1 Hello Request
      2. 6.2 Schema Definition Request
      3. 6.3 Event Log Request
      4. 6.4 Goodbye Request
    8. Section 7 – User Interface Design
    9. Section 8 – Technical Design
    10. Section 9 – Configuration
    11. Section 10 – References
  14. Appendix B: Glossary
  15. Appendix C: Exercises
  16. Appendix D: Cheat Sheets
  17. Index

Product information

  • Title: Designing Secure Software
  • Author(s): Loren Kohnfelder
  • Release date: November 2021
  • Publisher(s): No Starch Press
  • ISBN: 9781718501928