Foundations of Security: What Every Programmer Needs to Know

by Christoph Kern, Anita Kesavan, Neil Daswani

Software developers need to worry about security as never before. They need clear guidance on safe coding practices, and that’s exactly what this book delivers. The book does not delve deep into theory, or rant about the politics of security. Instead, it clearly and simply lays out the most common threats that programmers need to defend against. It then shows programmers how to make their defense. The book takes a broad focus, ranging over SQL injection, worms and buffer overflows, password security, and more. It sets programmers on the path towards successfully defending against the entire gamut of security threats that they might face.

Genres: Programming, Technology, Nonfiction, Technical, Computers, Computer Science, Software

319 pages, Paperback

First published January 1, 2007

Reviews

[Nariman · Rating 4 out of 5]

کتاب خیلی خوبیه برای شروع مطالعه در مورد امنیت که کمک می‌کنه به برنامه‌نویس ها تا کد امن بنویسن و از خطرات امنیتی آگاه بشن. سعی می‌کنه تا جای ممکن کلی صحبت کنه و همه موارد رو پوشش بده و زیاد عمیق نشه.خیلی جاها بیشتر تو ذهنتون سوال ایجاد می‌کنه تا بعدا برید در موردشون بخونید. سه بخش تمرین هم داره برای بیشتر مسلط شدن روی مباحث .

[Caroline · Rating 2 out of 5]

I don't have much security knowledge, so I wasn't expecting to pick up a security book and already know a good chunk of the stuff in it. This book was pretty introductory, though, to the point that I already knew a lot of its content from a generic CS degree and a few years of non-security-specific programming experience. For any topics I wasn't already familiar with, the book often covered them at such a cursory level that I felt like I didn't learn much. There were a couple of cases in which it gave a link to a more comprehensive resource where I learned something interesting, but more times I didn't bother.

[Yehia Abo el-nga · Rating 5 out of 5]

Very informative book; It goes over a breadth of security topics that every software engineer needs to know (from encryption, to SQL injection, to buffer overflows, and so on).

[Amar Pai · Rating 3 out of 5]

I got my CS degree without ever taking a course in security. I'm starting to think it should be required. For those like me who are looking for a general refresher, this is a good place to start. Not too theoretical, more concerned with practical application of concepts. The section on cross site scripting attacks is particularly useful, as this is a problem all web developers now have to consider when designing & implementing anything.

[Becca Becca · Rating 4 out of 5]

I met Neil Daswani because I marketed one of his coures at Stanford. He gave me a copy of this book and I ended up reading it and eventually writing a press release around it.

[Javier H · Rating 5 out of 5]

No es todo todo lo que debería saber pero es un buen acercamiento además de ser bastante entretenido.