Foundations of Security: What Every Programmer Needs to Know (Expert's Voice)
 
 

Neil Daswani (Author), Christoph Kern (Author), Anita Kesavan (Author)
4.6 out of 5 stars (9 customer reviews)

List Price: $39.99

Book Description

Expert's Voice February 15, 2007

Security is an area of increasing and grave concern to programmers. Security attacks abound, and all too often the "way in" for the perpetrators is through a "hole" left by an unwary programmer. For example, there is the case of some forty million credit card numbers having been exposed to hackers by a company then known as CardSystems, and hundreds of thousands of them stolen. Forty million people suddenly had their credit and finances put at risk. How were those numbers exposed? They were taken in what is called a "SQL injection" attack, one made possible by a likely anonymous programmer many levels down in the CardSystems hierarchy who simply was unaware of the ultimate danger inherent in the code that he was writing. CardSystems suffered greatly from the publicity surrounding the successful attack, and no longer exists today as an independent company.

It was recently made public that the CardSystems data breach which exposed 40 million credit cards in 2005 (arguably the worst cyberattack of all time, to date, and also investigated by Congress and the FTC) was due to SQL injection and weak passwords.

For background, see http://www.webappsec.org/projects/whid/list_id_2004-17.shtml

Also, see clause 6 of the FTC commission report:
http://www.ftc.gov/os/caselist/0523148/0523148complaint.pdf

For the fallout from the security breach, see http://www.strategy-business.com/press/sbkw2/sbkwarticle/sbkw051130

Software developers today need to worry about security as never before. They need clear guidance on safe coding practices, and that’s exactly what Foundations of Security: What Every Programmer Needs to Know delivers. This isn’t a book that goes deep into theory, or that rants on about the politics of security. This is a book that clearly and simply lays out the most common threats that programmers need to defend against. And then the book shows programmers how to make their defense. The book takes a broad focus, ranging over SQL injection, worms and buffer overflows, password security, and more. The book is written to appeal to all programmers, not just those using a particular language. It introduces programmers to the entire gamut of security threats that they might face, and sets those programmers on the path towards successfully defending against those threats.



Editorial Reviews

Review

From the reviews:

"It is written based on a course for beginning programmers. … The book has three main parts: security design principles, secure programming techniques, and an introduction to cryptography. … Exercises are included at the end of each part in order to provide suggestions for getting hands-on experience." (A. Mariën, ACM Computing Reviews, Vol. 49 (5), May, 2008)

About the Author

Neil Daswani, Ph.D., has served in a variety of research, development, teaching, and managerial roles at Stanford University, Yodlee, and Bellcore (now Telcordia Technologies). His areas of expertise include software and network security, wireless data technology, and peer-to-peer systems. He has published extensively in these areas, frequently gives talks at industry and academic conferences, and has been granted three U.S. patents. He received a Ph.D. in Computer Science from Stanford University, and currently works for Google. He also holds an M.S. in Computer Science from Stanford University, and a B.S. in Computer Science with honors with distinction from Columbia University.

Anita Kesavan is a freelance writer and received her M.F.A. in Creative Writing from Sarah Lawrence College. She also holds a B.A. in English from Illinois-Wesleyan University. She specializes in communicating complex technical ideas in simple, easy-to-understand language.

Christoph Kern is an Information Security Engineer at Google, and was previously a Senior Security Architect at Yodlee, a provider of technology solutions to the financial services industry. He has extensive experience in performing security design reviews and code audits, designing and developing secure applications, and helping product managers and software engineers effectively mitigate security risks in their software products.


Product Details

  • Paperback: 320 pages
  • Publisher: Apress; 1 edition (February 15, 2007)
  • Language: English
  • ISBN-10: 1590597842
  • ISBN-13: 978-1590597842
  • Product Dimensions: 9.2 x 6.9 x 0.9 inches
  • Shipping Weight: 1.3 pounds
  • Average Customer Review: 4.6 out of 5 stars (9 customer reviews)
  • Amazon Best Sellers Rank: #173,438 in Books


 

Customer Reviews

9 Reviews
5 star: (7)
4 star: (1)
3 star: (0)
2 star: (1)
1 star: (0)

Average Customer Review
4.6 out of 5 stars (9 customer reviews)

Most Helpful Customer Reviews

11 of 11 people found the following review helpful:
5.0 out of 5 stars Programming with Security in Mind, April 18, 2007
This review is from: Foundations of Security: What Every Programmer Needs to Know (Expert's Voice) (Paperback)
An excellent book for new programmers. The first part of the book provides a very good overview of security concepts. Chapters 5-10 detail different attacks and their defense. At 290 pages, the authors don't waste the reader's time. Information is well covered with enough detail for most readers.

Throughout the book the authors present code examples on exploits and their defense. Even though the examples are written in different languages, the authors explain the code clearly. The reader doesn't have to be familiar with the particular language. I haven't written anything in Java in over six years, but had no problem understanding the Java examples.

If you are a new programmer or haven't read a book on security recently, this would be the book.


5 of 6 people found the following review helpful:
5.0 out of 5 stars What all developers need to read, April 2, 2007
Our collective security against threats such as phishing, denial of service and online fraud in general depends not only on our own actions, but also on those of others. While other users may affect your security by their actions (or lack thereof), the most important person in terms of your security is the software developer. This is a book written to help software developers identify common problems and create security-conscious designs.

This easily accessible book describes common problems in an instructive manner. It explains what will and what will not work, reviews good design principles, and offers an overview of commonly used cryptographic techniques. If every developer lived by the guidelines of this book, we would be in a much better shape than we currently are.


1 of 1 people found the following review helpful:
5.0 out of 5 stars Excellent book!, February 24, 2011
I was wandering around the RSA Conference show floor and was pleasantly surprised to stumble across Neil Daswani autographing this book for people.

I read a lot of security books and I think this is one of the most clearly written books I have ever read. I am not a programmer; I am a software auditor / tester specifically focusing on security. I understand the security; this book helped me have a better understanding of how it applies to programming.

Highly recommend.



Inside This Book

Key Phrases - Statistically Improbable Phrases (SIPs):
creditcards table, malicious page, order confirmation form, untrusted data, injection vulnerabilities, salted hash, biometric authentication techniques, click fraud, action token, offline dictionary attack, underlying hash function, asymmetric key cryptography, storing secrets, code excluded, session token, simple web server, overflow vulnerability, attack string, overflow vulnerabilities, malicious web site, template fragment, key disk, image authentication, technological security, password file

Key Phrases - Capitalized Phrases (CAPs):
Code Red, Internet Explorer, Death Star, White House, Public Primary Certification Authority Verisign Class, Bank of America, Microsoft Windows, Once Bob