Foundations of Security

What Every Programmer Needs to Know

By Christoph Kern , Anita Kesavan , Neil Daswani

Foundations of Security Cover Image

Foundations of Security: What Every Programmer Needs to Know teaches you state-of-the-art software security design principles, methodology, and concrete programming techniques that you need to build secure software systems.

Full Description

  • ISBN13: 978-1-59059-784-2
  • 320 Pages
  • User Level: Beginner to Advanced
  • Publication Date: February 14, 2007
  • Available eBook Formats: PDF
  • Print Book Price: $39.99
  • eBook Price: $27.99
Buy eBook Buy Print Book Add to Wishlist

Related Titles

Full Description

Foundations of Security: What Every Programmer Needs to Know teaches new and current software professionals state-of-the-art software security design principles, methodology, and concrete programming techniques they need to build secure software systems. Once you're enabled with the techniques covered in this book, you can start to alleviate some of the inherent vulnerabilities that make today's software so susceptible to attack. The book uses web servers and web applications as running examples throughout the book.

For the past few years, the Internet has had a "wild, wild west" flavor to it. Credit card numbers are stolen in massive numbers. Commercial web sites have been shut down by Internet worms. Poor privacy practices come to light and cause great embarrassment to the corporations behind them. All these security-related issues contribute at least to a lack of trust and loss of goodwill. Often there is a monetary cost as well, as companies scramble to clean up the mess when they get spotlighted by poor security practices.

It takes time to build trust with users, and trust is hard to win back. Security vulnerabilities get in the way of that trust. Foundations of Security: What Every Programmer Needs To Know helps you manage risk due to insecure code and build trust with users by showing how to write code to prevent, detect, and contain attacks.

  • The lead author co-founded the Stanford Center for Professional Development Computer Security Certification.
  • This book teaches you how to be more vigilant and develop a sixth sense for identifying and eliminating potential security vulnerabilities.
  • You'll receive hands-on code examples for a deep and practical understanding of security.
  • You'll learn enough about security to get the job done.

Table of Contents

Table of Contents

  1. Security Goals
  2. Secure Systems Design
  3. Secure Design Principles
  4. Exercises for Part 1
  5. Worms and Other Malware
  6. Buffer Overflows
  7. Client-State Manipulation
  8. SQL Injection
  9. Password Security
  10. Cross-Domain Security in Web Applications
  11. Exercises for Part 2
  12. Symmetric Key Cryptography
  13. Asymmetric Key Cryptography
  14. Key Management and Exchange
  15. MACs and Signatures
  16. Exercises for Part 3
Source Code/Downloads

Downloads are available to accompany this book.

Your operating system can likely extract zipped downloads automatically, but you may require software such as WinZip for PC, or StuffIt on a Mac.

Errata

Please Login to submit errata.

No errata are currently published