Building Secure Software: How to Avoid Security Problems the Right Way

by John Viega / Gary R. McGraw Viega / Mcgraw

Most organizations have a firewall, anti-virus software, and intrusion detection systems, all intended to keep attackers out. So why is it that computer security is a bigger problem than ever before? The answer is simple--bad software lies at the heart of all computer security problems. Point solutions based on watching the network simply treat symptoms of the problem, and usually in a reactive way. If you are serious about computer security, you need to read this book.This book includes many essential lessons intended for both security professionals, who have come to realize that software is the problem, and software developers, who intend to make their code behave.Welcome to Building Secure Software , the book that cuts to the heart of computer security to help you get security right the first time. Make your software behave the way you want it to, and do security the right way.Building Secure Software provides the expertise and techniques to help you ensure the security of essential software. By considering threats and vulnerabilities early in the development cycle, security that actually works can be built into your system. You'll learn how to determine an acceptable level of risk, develop security tests, and plug security holes before software is even shipped. Written for anyone involved in software development and use, from managers to coders, this book is your first step to building more secure software.Inside you'll find the ten guiding principles for software security, as well as detailed coverageSoftware risk management for securitySelecting technologies to make your code more secureSecurity implications of open source and proprietary softwareHow to audit softwareThe dreaded buffer overflowAccess control and password authenticationRandom number generationApplying cryptographyTrust management and inputClient-Side securityDealing with firewallsOnly by building secure software can you defend yourself against security breaches and gain the confidence that comes with knowing you won't have to play the "penetrate and patch" game anymore. Wouldn't you rather design things properly and thoroughly test your system than have your problems announced to the world on the front page? Let these expert authors help save you time, money, credibility, and your customer's trust.

Genres: Software, Computers, Nonfiction

526 pages, Paperback

First published September 24, 2001

Reviews

[Paco]

I think it is important the security aspects of software and all those risks involved in code development and to constantly apply certain security measures.

[Roberto Rigolin F Lopes · Rating 3 out of 5]

It has been fourteen years since its publication. Felt a bit like reading history of software security. Many of the problems were solved; systems and APIs dead. But the exercise was fun and the mindset can be widely reused.

[João Fernandes · Rating 2 out of 5]

Not worth it. Bought it for graduate course as it was the recommended book, but quickly realized it was pretty much useless. It is written in such a boring way... and I do love the topic.

[Preetha Xavier]

john Viega, Gary McGraw Building Secure Software: How to Avoid Security Problems the Right Way