- Take an Extra 30% Off Any Book: Use promo code HOLIDAY30 at checkout to get an extra 30% off any book for a limited time. Excludes Kindle eBooks and Audible Audiobooks. Restrictions apply. Learn more.
"This book is useful, practical, understandable, and comprehensive. The fact that you have this book in your hands is a step in the right direction. Read it, learn from it. And then put its lessons into practice." --From the Foreword by Bruce Schneier, CTO, Counterpane, and author of Secrets and Lies "A must-read for anyone writing software for the Internet." --Jeremy Epstein, Director, Product Security and Performance, webMethods "This book tackles complex application security problems like buffer overflows, race conditions, and applied cryptography in a manner that is straightforward and easy to understand. This is a must for any application developer or security professional." --Paul Raines, Global Head of Information Risk Management, Barclays Capital
Most organizations have a firewall, antivirus software, and intrusion detection systems, all of which are intended to keep attackers out. So why is computer security a bigger problem today than ever before? The answer is simple--bad software lies at the heart of all computer security problems. Traditional solutions simply treat the symptoms, not the problem, and usually do so in a reactive way. This book teaches you how to take a proactive approach to computer security.
Building Secure Software cuts to the heart of computer security to help you get security right the first time. If you are serious about computer security, you need to read this book, which includes essential lessons for both security professionals who have come to realize that software is the problem, and software developers who intend to make their code behave. Written for anyone involved in software development and use--from managers to coders--this book is your first step toward building more secure software. Building Secure Software provides expert perspectives and techniques to help you ensure the security of essential software. If you consider threats and vulnerabilities early in the devel-opment cycle you can build security into your system. With this book you will learn how to determine an acceptable level of risk, develop security tests, and plug security holes before software is even shipped.
Inside you'll find the ten guiding principles for software security, as well as detailed coverage of:
Only by building secure software can you defend yourself against security breaches and gain the confidence that comes with knowing you won't have to play the "penetrate and patch" game anymore. Get it right the first time. Let these expert authors show you how to properly design your system; save time, money, and credibility; and preserve your customers' trust.
John Viega is the CTO of Secure Software Solutions (www.securesw.com) and a noted expert in the area of software security. He is responsible for numerous tools in this area, including code scanners (ITS4 and RATS), random number suites (EGADS), automated repair tools, and secure programming libraries. He is also the original author of Mailman, the GNU mailing list manager.
Gary McGraw, Cigital's CTO, is a leading authority on software security. Dr. McGraw is coauthor of the groundbreaking books Building Secure Software and Exploiting Software (both from Addison-Wesley). While consulting for major software producers and consumers, he has published over ninety peer-reviewed technical publications, and functions as principal investigator on grants from DARPA, the National Science Foundation, and NIST's Advanced Technology Program. He serves on the advisory boards of Authentica, Counterpane, and Fortify Software. He is also an advisor to the computer science departments at University of California, Davis, and the University of Virginia, as well as the School of Informatics at Indiana University.
Very old reference. Had to have this for a masters class at a University.Published 1 month ago by Melissa Baker
...twitter, target, facebook hacks were prime examples of insecure software design practice we have to deal with daily.
The book is very well written. Read more
It is a good book but with the exception of the chapter on buffer overflows, my perception of the book is that it focus mainly on the theory of software security. Read morePublished on May 8, 2007 by Olivier Langlois
When I read this, I was like oh my gosh, how could I ever code like that.
This book is so, so very important if you care about secure coding.
Accurate, to-the-point, and proper coverage of main topics. Good job on part of authors.
Unfortunately, the book's accompanying website ([... Read more
'Building Secure Software' (BSS) is an excellent book. I can't believe it was published in the fall of 2001, and I've only gotten to it now. Read morePublished on January 4, 2005 by Richard Bejtlich
Many transformations begin with an indictment. Two notable examples are Martin Luther's "95 Theses" criticizing the Catholic Church, which began the Reformation, and Ralph Nader's... Read morePublished on March 8, 2004 by Ben Rothke
This subject of this book isn't written about often enough. Where are the vulnerabilites? Think about that question... They are in the software! Read morePublished on February 27, 2004 by Jeff Pike
I thought I was good at coding, but didn't realize how much security breaches can be done until I read this book. Read morePublished on August 31, 2003 by Eric Kent