Foundations of Security: What Every Programmer Needs to Know (Expert's Voice) (Paperback)

~ (Author), Christoph Kern (Author), Anita Kesavan (Author)
Key Phrases: creditcards table, malicious page, order confirmation form, Code Red, Internet Explorer, Death Star (more...)

Editorial Reviews

Review

From the reviews:

"It is written based on a course for beginning programmers. … The book has three main parts: security design principles, secure programming techniques, and an introduction to cryptography. … Exercises are included at the end of each part in order to provide suggestions for getting hands-on experience." (A. Mariën, ACM Computing Reviews, Vol. 49 (5), May, 2008)

Product Description

Information Technology is for everyone, not just geeks. But that means security is everyone's business, as you will discover in the pages of this excellent book!

— Vinton G. Cerf - a Founding Father of the Internet

This book serves as a great complement to the courses that make up the Stanford Center for Professional Development (SCPD) Security Certification Program. The book explains in detail how to defend against a wide range of attacks, and teaches principles of secure system design.

— Dr. Dan Boneh, Associate Professor, Computer Science and Electrical Engineering, Stanford University

Foundations of Security: What Every Programmer Needs to Know teaches new and current software professionals state-of-the-art software security design principles, methodology, and concrete programming techniques they need to build secure software systems. Once youre enabled with the techniques covered in this book, you can start to alleviate some of the inherent vulnerabilities that make todays software so susceptible to attack. The book uses web servers and web applications as running examples throughout the book.

For the past few years, the Internet has had a "wild, wild west" flavor to it. Credit card numbers are stolen in massive numbers. Commercial web sites have been shut down by Internet worms. Poor privacy practices come to light and cause great embarrassment to the corporations behind them. All these security-related issues contribute at least to a lack of trust and loss of goodwill. Often there is a monetary cost as well, as companies scramble to clean up the mess when they get spotlighted by poor security practices.

It takes time to build trust with users, and trust is hard to win back. Security vulnerabilities get in the way of that trust. Foundations of Security: What Every Programmer Needs To Know helps you manage risk due to insecure code and build trust with users by showing how to write code to prevent, detect, and contain attacks.

• The lead author cofounded the Stanford Center for Professional Development Computer Security Certification.
• This book teaches you how to be more vigilant and develop a sixth sense for identifying and eliminating potential security vulnerabilities.
• Youll receive hands-on code examples for a deep and practical understanding of security.
• Youll learn enough about security to get the job done.

See all Editorial Reviews

Product Details

• Paperback: 320 pages
• Publisher: Apress; 1 edition (February 16, 2007)
• Language: English
• ISBN-10: 1590597842
• ISBN-13: 978-1590597842
• Product Dimensions: 9.2 x 6.9 x 0.9 inches
• Shipping Weight: 1.3 pounds (View shipping rates and policies)
• Average Customer Review: 4.5 out of 5 stars  See all reviews (8 customer reviews)
• Amazon.com Sales Rank: #175,737 in Books (See Bestsellers in Books)

  Popular in this category: (What's this?)

  #97 in

  Books > Computers & Internet > Certification Central > Exams > Security+

Customer Reviews

Most Helpful Customer Reviews

8 of 8 people found the following review helpful:

5.0 out of 5 stars Programming with Security in Mind, April 18, 2007

By	George - See all my reviews

An excellent book for new programmers. The first part of the book provides a very good overview of security concepts. Chapters 5-10 detail different attacks and their defense. At 290 pages, the authors don't waste the reader's time. Information is well covered with enough detail for most readers.

Throughout the book the authors present code examples on exploits and their defense. Even through the examples are written in different languages, the authors explain the code clearly. The reader doesn't' have to be familiar with the particular language. I haven't written anything in Java in over six years, but had no problem understand the Java examples.

If you are a new programmer or haven't read a book on security recently, this would be the book.

4 of 5 people found the following review helpful:

5.0 out of 5 stars What all developers need to read, April 2, 2007

By	Bjorn M. Jakobsson "Prof. Markus Jakobsson (w... - See all my reviews (REAL NAME)

Our collective security against threats such as phishing, denial of service and online fraud in general depends not only on our own actions, but also on those of others. While other users may affect your security by their actions (or lack thereof), the most important person in terms of your security is the software developer. This is a book written to help software developers identify common problems and create security-conscious designs.

This easily accessible book describes common problems in an instructive manner. It explains what will and what will not work, reviews good design principles, and offers an overview of commonly used cryptographic techniques. If every developer lived by the guidelines of this book, we would be in a much better shape than we currently are.

3 of 4 people found the following review helpful:

5.0 out of 5 stars A must read for every developer!, February 19, 2007

By	J. Fernandez - See all my reviews (REAL NAME)

This book teaches new and current software professionals state-of-the-art software security design principles, methodology, and concrete programming techniques they need to build secure software systems.