finelybook
Designing Secure Software: A Guide for Developers
Author: Loren Kohnfelder
Publisher Finelybook 出版社: No Starch Press,US (9 Dec. 2021)
Language 语言: English
pages 页数: 312 pages
ISBN-10 书号: 1718501927
ISBN-13 书号: 9781718501928
Book Description
What every software professional should know about security.
Designing Secure Software consolidates Loren Kohnfelder’s more than twenty years of experience into a concise,elegant guide to improving the security of technology products. Written for a wide range of software professionals,it emphasizes building security into software design early and involving the entire team in the process.
The book begins with a discussion of core concepts like trust,threats,mitigation,secure design patterns,and cryptography. The second part,perhaps this book’s most unique and important contribution to the field,covers the process of designing and reviewing a software design with security considerations in mind. The final section details the most common coding flaws that create vulnerabilities,making copious use of code snippets written in C and Python to illustrate implementation vulnerabilities.
You’ll learn how to:
Identify important assets,the attack surface,and the trust boundaries in a system
Evaluate the effectiveness of various threat mitigation candidates
Work with well-known secure coding patterns and libraries
Understand and prevent vulnerabilities like XSS and CSRF,memory flaws,and more
Use security testing to proactively identify vulnerabilities introduced into code
Review a software design for security flaws effectively and without judgment
Kohnfelder’s career,spanning decades at Microsoft and Google,introduced numerous software security initiatives,including the co-creation of the STRIDE threat modeling framework used widely today. This book is a modern,pragmatic consolidation of his best practices,insights,and ideas about the future of software
