Book description
Secure by Design teaches developers how to use design to drive security in software development. This book is full of patterns, best practices, and mindsets that you can directly apply to your real world development. You'll also learn to spot weaknesses in legacy code and how to address them.
About the Technology
Security should be the natural outcome of your development process. As applications increase in complexity, it becomes more important to bake security-mindedness into every step. The secure-by-design approach teaches best practices to implement essential software features using design as the primary driver for security.
About the Book
Secure by Design teaches you principles and best practices for writing highly secure software. At the code level, you’ll discover security-promoting constructs like safe error handling, secure validation, and domain primitives. You’ll also master security-centric techniques you can apply throughout your build-test-deploy pipeline, including the unique concerns of modern microservices and cloud-native designs.
What's Inside
- Secure-by-design concepts
- Spotting hidden security problems
- Secure code constructs
- Assessing security by identifying common design flaws
- Securing legacy and microservices architectures
About the Reader
Readers should have some experience in designing applications in Java, C#, .NET, or a similar language.
About the Authors
Dan Bergh Johnsson, Daniel Deogun, and Daniel Sawano are acclaimed speakers who often present at international conferences on topics of high-quality development, as well as security and design.
Quotes
A practical, actionable handbook. Not just a call to arms about treating security seriously as a design activity...it also provides a raft of real examples, worked through from design considerations to actual code listings.
- From the Foreword by Daniel Terhorst-North
An eye-opening look into how good design can be the best form of security. A brilliant introduction to domain-driven design and great design principles.
- Jeremy Lange, Sertifi
Creating secure applications is a must, and it’s not a simple task. With this book, you learn a set of tools and a way of thinking that makes it a lot easier.
- Eros Pedrini, Everiske, GroupBy
Well-paced and thorough. Highly recommended.
- Justin Calleja, Mr Green
You don't just learn about writing secure—you end up with a list of highly useful good design practices.
- Henrik Gering, Radiometer Medical
Makes security part of the DNA of your development process.
- Robert Kielty, Roki Test Driven Software
Publisher resources
Table of contents
- Secure by Design
- brief contents
- contents
- front matter
- Part 1 Introduction
- 1 Why design matters for security
- 2 Intermission: The anti-Hamlet
- Part 2 Fundamentals
- 3 Core concepts of Domain-Driven Design
- 4 Code constructs promoting security
- 5 Domain primitives
-
6 Ensuring integrity of state
- 6.1 Managing state using entities
-
6.2 Consistent on creation
- 6.2.1 The perils of no-arg constructors
- 6.2.2 ORM frameworks and no-arg constructors
- 6.2.3 All mandatory fields as constructor arguments
- 6.2.4 Construction with a fluent interface
- 6.2.5 Catching advanced constraints in code
- 6.2.6 The builder pattern for upholding advanced constraints
- 6.2.7 ORM frameworks and advanced constraints
- 6.2.8 Which construction to use when
- 6.3 Integrity of entities
- Summary
- 7 Reducing complexity of state
- 8 Leveraging your delivery pipeline for security
- 9 Handling failures securely
- 10 Benefits of cloud thinking
- 11 Intermission: An insurance policy for free
- Part 3 Applying the fundamentals
-
12 Guidance in legacy code
- 12.1 Determining where to apply domain primitives in legacy code
- 12.2 Ambiguous parameter lists
- 12.3 Logging unchecked strings
- 12.4 Defensive code constructs
- 12.5 DRY misapplied—not focusing on ideas, but on text
- 12.6 Insufficient validation in domain types
- 12.7 Only testing the good enough
- 12.8 Partial domain primitives
- No double money
- Summary
- 13 Guidance on microservices
- 14 A final word: Don’t forget about security!
- index
- Lists of Figures, Tables and Listings
Product information
- Title: Secure by Design
- Author(s):
- Release date: September 2019
- Publisher(s): Manning Publications
- ISBN: 9781617294358
You might also like
book
Designing Secure Software
Designing Secure Software consolidates Loren Kohnfelder's more than twenty years of experience into a concise, elegant …
book
Agile Application Security
Agile continues to be the most adopted software development methodology among organizations worldwide, but it generally …
book
Building Secure and Reliable Systems
Can a system be considered truly reliable if it isn't fundamentally secure? Or can it be …
book
Microservices Security in Action
Unlike traditional enterprise applications, Microservices applications are collections of independent components that function as a system. …