Foundations of Security: What Every Programmer Needs to Know (Expert's Voice) [Paperback]

Christoph Kern (Author), Anita Kesavan (Author), Neil Daswani (Author)

Book Description

Publication Date: February 15, 2007 | Series: Expert's Voice

Foundations of Security: What Every Programmer Needs to Know teaches new and current software professionals state-of-the-art software security design principles, methodology, and concrete programming techniques they need to build secure software systems. Once you're enabled with the techniques covered in this book, you can start to alleviate some of the inherent vulnerabilities that make today's software so susceptible to attack. The book uses web servers and web applications as running examples throughout the book.

For the past few years, the Internet has had a "wild, wild west" flavor to it. Credit card numbers are stolen in massive numbers. Commercial web sites have been shut down by Internet worms. Poor privacy practices come to light and cause great embarrassment to the corporations behind them. All these security-related issues contribute at least to a lack of trust and loss of goodwill. Often there is a monetary cost as well, as companies scramble to clean up the mess when they get spotlighted by poor security practices.

It takes time to build trust with users, and trust is hard to win back. Security vulnerabilities get in the way of that trust. Foundations of Security: What Every Programmer Needs To Know helps you manage risk due to insecure code and build trust with users by showing how to write code to prevent, detect, and contain attacks.

• The lead author co-founded the Stanford Center for Professional Development Computer Security Certification.
• This book teaches you how to be more vigilant and develop a sixth sense for identifying and eliminating potential security vulnerabilities.
• You'll receive hands-on code examples for a deep and practical understanding of security.
• You'll learn enough about security to get the job done.

Table of Contents

1. Security Goals
2. Secure Systems Design
3. Secure Design Principles
4. Exercises for Part 1
5. Worms and Other Malware
6. Buffer Overflows
7. Client-State Manipulation
8. SQL Injection
9. Password Security
10. Cross-Domain Security in Web Applications
11. Exercises for Part 2
12. Symmetric Key Cryptography
13. Asymmetric Key Cryptography
14. Key Management and Exchange
15. MACs and Signatures
16. Exercises for Part 3

Editorial Reviews

Review

From the reviews:

"It is written based on a course for beginning programmers. … The book has three main parts: security design principles, secure programming techniques, and an introduction to cryptography. … Exercises are included at the end of each part in order to provide suggestions for getting hands-on experience." (A. Mariën, ACM Computing Reviews, Vol. 49 (5), May, 2008)

About the Author

Christoph Kern is an information security engineer at Google and was previously a senior security architect at Yodlee, a provider of technology solutions to the financial services industry. He has extensive experience in performing security design reviews and code audits, designing and developing secure applications, and helping product managers and software engineers effectively mitigate security risks in their software products.

Anita Kesavan is a freelance writer and received her master's in fine arts in creative writing from Sarah Lawrence College, New York. She also holds a bachelor's in English from Illinois-Wesleyan University. She specializes in communicating complex technical ideas in simple, easy-to-understand language.

Neil Daswani has served in a variety of research, development, teaching, and managerial roles at Stanford University, DoCoMo USA Labs, Yodlee, and Bellcore (now Telcordia Technologies). His areas of expertise include security, wireless data technology, and peer-to-peer systems. He has published extensively in these areas, frequently gives talks at industry and academic conferences, and has been granted several U.S. patents. He received a Ph.D. and a master's in computer science from Stanford University, and he currently works for Google. He earned a bachelor's in computer science with honors with distinction from Columbia University.

Product Details

• Paperback: 320 pages
• Publisher: Apress; 1 edition (February 15, 2007)
• Language: English
• ISBN-10: 1590597842
• ISBN-13: 978-1590597842
• Product Dimensions: 7.1 x 0.8 x 9.1 inches
• Shipping Weight: 1.3 pounds (View shipping rates and policies)
• Average Customer Review: 4.6 out of 5 stars  See all reviews (9 customer reviews)
• Amazon Best Sellers Rank: #218,247 in Books (See Top 100 in Books)
  • #69 in Books > Computers & Technology > Certification > CompTIA

More About the Author

Discover books, learn about writers, read author blogs, and more.

Most Helpful Customer Reviews

12 of 12 people found the following review helpful

5.0 out of 5 stars Programming with Security in Mind April 18, 2007

By George

Format:Paperback

An excellent book for new programmers. The first part of the book provides a very good overview of security concepts. Chapters 5-10 detail different attacks and their defense. At 290 pages, the authors don't waste the reader's time. Information is well covered with enough detail for most readers.

Throughout the book the authors present code examples on exploits and their defense. Even through the examples are written in different languages, the authors explain the code clearly. The reader doesn't' have to be familiar with the particular language. I haven't written anything in Java in over six years, but had no problem understand the Java examples.

If you are a new programmer or haven't read a book on security recently, this would be the book.

5 of 6 people found the following review helpful

5.0 out of 5 stars What all developers need to read April 2, 2007

By Bjorn M. Jakobsson

Format:Paperback

Our collective security against threats such as phishing, denial of service and online fraud in general depends not only on our own actions, but also on those of others. While other users may affect your security by their actions (or lack thereof), the most important person in terms of your security is the software developer. This is a book written to help software developers identify common problems and create security-conscious designs.

This easily accessible book describes common problems in an instructive manner. It explains what will and what will not work, reviews good design principles, and offers an overview of commonly used cryptographic techniques. If every developer lived by the guidelines of this book, we would be in a much better shape than we currently are.

1 of 1 people found the following review helpful

5.0 out of 5 stars Excellent book ! February 24, 2011

By Sandra Dunn

Format:Paperback

I was wandering around the RSA Conference show floor and was pleasantly surprised to stumble across Neil Daswani autographing this book for people.

I read a lot of security books and I think this is one of the most clearly written books I have ever read. I am not a programmer I am a software auditor / tester specifically focusing on security. I understand the security, this book helped me have a better understanding of how it applies to programming.

Highly recommend.