Free Secure Coding: Principles and Practices

Rating: (19 reviews)
Author:
ISBN : 0596002424
New from $49.99
Format: PDF

Download Free Secure Coding: Principles and Practices [Paperback] from 4shared, mediafire, hotfile, and mirror link

Practically every day, we read about a new type of attack on computer systems and networks. Viruses, worms, denials of service, and password sniffers are attacking all types of systems -- from banks to major e-commerce sites to seemingly impregnable government and military computers --at an alarming rate.

Despite their myriad manifestations and different targets, nearly all attacks have one fundamental cause: the code used to run far too many systems today is not secure. Flaws in its design, implementation, testing, and operations allow attackers all-too-easy access.

Secure Coding, by Mark G. Graff and Ken vanWyk, looks at the problem of bad code in a new way. Packed with advice based on the authors' decades of experience in the computer security field, this concise and highly readable book explains why so much code today is filled with vulnerabilities, and tells readers what they must do to avoid writing code that can be exploited by attackers. Writing secure code isn't easy, and there are no quick fixes to bad code. To build code that repels attack, readers need to be vigilant through each stage of the entire code lifecycle:

• Architecture: during this stage, applying security principles such as "least privilege" will help limit even the impact of successful attempts to subvert software.
• Design: during this stage, designers must determine how programs will behave when confronted with fatally flawed input data. The book also offers advice about performing security retrofitting when you don't have the source code -- ways of protecting software from being exploited even if bugs can't be fixed.
• Implementation: during this stage, programmers must sanitize all program input (the character streams representing a programs' entire interface with its environment -- not just the command lines and environment variables that are the focus of most security analysis).
• Testing: during this stage, programs must be checked using both static code checkers and runtime testing methods -- for example, the fault injection systems now available to check for the presence of such flaws as buffer overflow.
• Operations: during this stage, patch updates must be installed in a timely fashion. In early 2003, sites that had diligently applied Microsoft SQL Server updates were spared the impact of the Slammer worm that did serious damage to thousands of systems.

Beyond the technical, Secure Coding sheds new light on the economic, psychological, and sheer practical reasons why security vulnerabilities are so ubiquitous today. It presents a new way of thinking about these vulnerabilities and ways that developers can compensate for the factors that have produced such unsecured software in the past. It issues a challenge to all those concerned about computer security to finally make a commitment to building code the right way.

Books with free ebook downloads available Free Secure Coding: Principles and Practices [Paperback]

• Product Details
• Table of Contents
• Reviews

• Paperback: 200 pages
• Publisher: O'Reilly Media; 1st edition (July 2003)
• Language: English
• ISBN-10: 0596002424
• ISBN-13: 978-0596002428
• Product Dimensions: 9.1 x 6 x 0.6 inches
• Shipping Weight: 10.6 ounces

Free Secure Coding: Principles and Practices

In the 11th century, Moses Maimonides taught us that the highest form of charity is to teach a man to fish. If you give him a fish, he can eat today. If you teach him to fish he can eat forever.

In the same way, Mark G. Graff and Kenneth R. van Wyk have provided an excellent book that gives us a framework for thinking about security rather than trying to give specific rules that might have been invalid before the book came off the press. "Secure Coding" gives the reader the ability to envision, architect, design, code, and implement a security framework that truly meets the needs of its stakeholders.

The authors don't provide a cookbook. In their own words: "When you picked up this book, perhaps you thought that we could provide certain security? Sadly, no one can."

Instead, they deliver a robust mental model and a framework to understand security and to architect, design, develop, and operate secure systems. They present best practices in the field of security, the reasons for using them, and suggestions on deciding which practices are appropriate in your particular case.

Their approach is to realize that the objective is not to make a system totally secure, but to make it just secure enough. Deciding what is "just secure enough" is a business and not a technical decision. It is based on weighing risk versus cost.

There are substantial references throughout the book as well as an appendix of resources. The book is filled with examples of security failures and, more importantly, an excellent post mortem on each to show what could have been done to avoid the problem. The authors are extremely familiar with UNIX environments and this comes through in the examples. However, you don't need to be a UNIX guru to glean valuable lessons from the examples.

Download Link 1 - Download Link 2