Building Secure Software: How to Avoid Security Problems the Right Way / Edition 1

Overview

Most organizations have a firewall, anti-virus software, and intrusion detection systems, all intended to keep attackers out. So why is it that computer security is a bigger problem than ever before? The answer is simple--bad software lies at the heart of all computer security problems. Point solutions based on watching the network simply treat symptoms of the problem, and usually in a reactive way. If you are serious about computer security, you need to read this book.

This book includes many essential lessons intended for both security professionals, who have come to realize that software is the problem, and software developers, who intend to make their code behave.

Welcome to Building Secure Software, the book that cuts to the heart of computer security to help you get security right the first time. Make your software behave the way you want it to, and do security the right way.

Building Secure Software provides the expertise and techniques to help you ensure the security of essential software. By considering threats and vulnerabilities early in the development cycle, security that actually works can be built into your system. You'll learn how to determine an acceptable level of risk, develop security tests, and plug security holes before software is even shipped. Written for anyone involved in software development and use, from managers to coders, this book is your first step to building more secure software.

Inside you'll find the ten guiding principles for software security, as well as detailed coverage of:

  • Software risk management for security
  • Selecting technologies to make your code more secure
  • Security implications of open source and proprietary software
  • How to audit software
  • The dreaded buffer overflow
  • Access control and password authentication
  • Random number generation
  • Applying cryptography
  • Trust management and input
  • Client-side security
  • Dealing with firewalls

Only by building secure software can you defend yourself against security breaches and gain the confidence that comes with knowing you won't have to play the "penetrate and patch" game anymore. Wouldn't you rather design things properly and thoroughly test your system than have your problems announced to the world on the front page? Let these expert authors help save you time, money, credibility, and your customer's trust.

Product Details

  • ISBN-13: 9780201721522
  • Publisher: Addison-Wesley
  • Publication date: 10/28/2001
  • Series: Professional Computing Series
  • Edition description: New Edition
  • Edition number: 1
  • Pages: 528
  • Product dimensions: 7.56 (w) x 9.38 (h) x 1.25 (d)

Meet the Author

John Viega, a leading security expert at Cigital/Reliable Software Technologies, has created many security tools, and is an active member of the Software Security Group. Gary McGraw, Vice President, Corporate Technology at Cigital, is a noted authority on mobile code and Java security. He chairs the National Infosec Research Council's Malicious Code Group, and is a consultant for VISA and the U.S. Federal Reserve.

Read an Excerpt

"A book is a machine to think with."
—I.A. Richards, Principles of Literary Criticism

This book exists to help people involved in the software development process learn the principles necessary for building secure software. The book is intended for anyone involved in software development, from managers to coders, although it contains the low-level detail that is most applicable to programmers. Specific code examples and technical details are presented in the second part of the book. The first part is more general and is intended to set an appropriate context for building secure software by introducing security goals, security technologies, and the concept of software risk management.

There are plenty of technical books that deal with computer security, but until now, none have applied significant effort to the topic of developing secure programs. If you want to learn how to set up a firewall, lock down a single host, or build a virtual private network, there are other resources to which to turn outside this book. Because most security books are intended to address the pressing concerns of network-level security practitioners, they tend to focus on how to promote secrecy and how to protect networked resources in a world in which software is chronically broken.

Unfortunately, many security practitioners have gotten used to a world in which having security problems in software is common, and even acceptable. Some people even assume that it is too hard to get developers to build secure software, so they don't raise the issue. Instead, they focus their efforts on "best-practice" network security solutions, erecting firewalls, and trying to detect intrusions and patch known security problems in a timely manner.

We are optimistic that the problem of bad software security can be addressed. The truth is, writing programs that have no security flaws in them is difficult. However, we assert that writing a "secure-enough" program is much easier than writing a completely bug-free program. Should people give up on removing bugs from software just because it's essentially impossible to eliminate them all? Of course not. By the same token, people shouldn't just automatically throw in the software security towel before they even understand the problem.

A little bit of education can go a long way. One of the biggest reasons why so many products have security problems is that many technologists involved in the development process have never learned very much about how to produce secure code. One problem is that until now there have been very few places to turn for good information. A goal of this book is to close the educational gap and to arm software practitioners with the basic techniques necessary to write secure programs.

This said, you should not expect to eradicate all security problems in your software simply by reading this book. Claiming that this book provides a silver bullet for security would ignore the realities of how difficult it is to secure computer software. We don't ignore reality—we embrace it, by treating software security as a risk management problem.

In the real world, your software will likely never be totally secure. First of all, there is no such thing as 100% security. Most software has security risks that can be exploited. It's a matter of how much money and effort are required to break the system in question. Even if your software is bug free and your servers are protected by firewalls, someone who wants to target you may get an insider to attack you. Or they may perform a "black bag" (break-in) operation. Because security is complicated and is a system-wide property, we not only provide general principles for secure software design, but we also focus on the most common risks, and how to mitigate them.

Organization

This book is divided into two parts. The first part focuses on the things you should know about software security before you even think about producing code. We focus on how to integrate security into your software engineering practice. Emphasis is placed on methodologies and principles that reduce security risk by getting started early in the development life cycle. Designing security into a system from the beginning is much easier and orders of magnitude cheaper than retrofitting a system for security later. Not only do we focus on requirements and design, we also provide significant emphasis on analyzing the security of a system, which we believe to be a critical skill. The first part of this book should be of general interest to anyone involved in software development at any level, from business-level leadership to developers in the trenches.

In the second part, we get our hands dirty with implementation-level issues. Even with a solid architecture, there is plenty of room for security problems to be introduced at development time. We show developers in gory detail how to recognize and to avoid common implementation-level problems such as buffer overflows and race conditions. The second part of the book is intended for those who feel comfortable around code.

We purposely cover material that we believe to be of general applicability. That is, unless a topic is security critical, we try to stay away from anything that is dependent on a particular operating system or programming language. For example, we do not discuss POSIX "capabilities" because they are not widely implemented. However, we devote an entire chapter to buffer overflows because they are a problem of extraordinary magnitude, even though a majority of buffer overflows are specific to C and C++.

Because our focus is on technologies that are applicable at the broadest levels, there are plenty of worthy technologies that we do not cover, including Kerberos, PAM (pluggable authentication modules), and mobile code sandboxing, to name a few. Many of these technologies merit their own books (although not all of them are adequately covered today). This book's companion Web site, http://www.buildingsecuresoftware.com/, provides links to information sources covering interesting security technologies that we left out.

Code Examples

Although we cover material that is largely language independent, most of our examples are written in C, mainly because it is so widely used, but also because it is harder to get things right in C than in other languages. Porting our example code to other programming languages is often a matter of finding the right calls or constructs for the target programming language. However, we do include occasional code examples in Python, Java, and Perl, generally in situations in which those languages are significantly different from C. All of the code in this book is available at http://www.buildingsecuresoftware.com/.

There is a large UNIX bias to this book even though we tried to stick to operating system-independent principles. We admit that our coverage of specifics for other operating systems, particularly Windows, leaves something to be desired. Although Windows NT is loosely POSIX compliant, in reality Windows programmers tend not to use the POSIX application programming interface (API). For instance, we hear that most Windows programmers do not use the standard C string library, in favor of Unicode string-handling routines. As of this writing, we still don't know which common functions in the Windows API are susceptible to buffer overflow calls, so we can't provide a comprehensive list. If someone creates such a list in the future, we will gladly post it on the book's Web site.

The code we provide in this book has all been tested on a machine running stock Red Hat 6.2. Most of it has been tested on an OpenBSD machine as well. However, we provide the code on an "as-is" basis. We try to make sure that the versions of the code posted on the Web site are as portable as possible; but be forewarned, our available resources for ensuring portability are low. We may not have time to help people who can't get code to compile on a particular architecture, but we will be very receptive to readers who send in patches.

Contacting Us

We welcome electronic mail from anyone with comments, bug fixes, or other suggestions. Please contact us through http://www.buildingsecuresoftware.com.


Table of Contents

Preface
Organization
Code Examples
Acknowledgements
Contacting Us
1: Introduction to Software Security
It's all about the Software
Dealing with Widespread Security Failures
Technical Trends Affecting Software Security
The 'ilities
What is Security?
Isn't that just reliability?
Penetrate and Patch is Bad
On Art and Engineering
Security Goals
Prevention
Traceability and Auditing
Monitoring
Privacy and Confidentiality
Multi-level security
Anonymity
Authentication
Integrity
Know Your Enemy: Common software security pitfalls
Threats Against Software
Software Project Goals
Software Security means Good Software
SIDEBAR: Hackers, Crackers, and Attackers
Who is the bad guy?
2: Managing Software Security Risk
An Overview of Software Risk Management for Security
The Role of Security Personnel
Software Security Personnel in the Lifecycle
Deriving Requirements
Risk Assessment
Design for Security
Implementation
Security Testing
A Dose of Reality
Getting People to Think about Security
Software Risk Management in Practice
When Development Goes Astray
When Security Analysis Goes Astray
Black box testing
Red teaming
The Common Criteria
Software Risk Management for Security
3: Selecting Technologies
Choosing a Language
Choosing a Distributed Object Platform
CORBA
DCOM
EJB and RMI
Choosing an Operating System
Authentication Technologies
Host-based authentication
Physical Tokens
Biometric Authentication
Cryptographic authentication
Defense in depth and authentication
Conclusion
4: On Open Source and Closed Source
Security by Obscurity
Reverse Engineering
Code Obfuscation
Security for Shrink-Wrapped Software
Security by obscurity is no panacea
The Flip-Side: Open Source Software
Is the many eyeballs phenomenon real?
Why vulnerability detection is hard
Other Worries
On publishing crypto algorithms
Two more open source fallacies
The Microsoft fallacy
The Java fallacy
An example: GNU Mailman security
More evidence: Trojan horses
To open source or not to open source
Another security lesson from buffer overflows
Beating the Drum
Conclusion
5: Guiding Principles for Software Security
Principle 1: Secure the weakest link
Principle 2: Practice defense in depth
Principle 3: Fail securely
Principle 4: Follow the principle of least privilege
Principle 5: Compartmentalize
Principle 6: Keep it simple
Principle 7: Promote privacy
Principle 8: Remember that hiding secrets is hard
Principle 9: Be reluctant to trust
Principle 10: Use your community resources
Conclusion
6: Auditing Software
Architectural Security Analysis
Attack Trees
Reporting analysis findings
Implementation Security Analysis
Auditing source code
ITS4
Using ITS4 in an analysis
Conclusion
7: Buffer Overflows
What is a Buffer Overflow?
Why Are Buffer Overflows A Security Problem?
Defending against buffer overflow
Major Gotchas
Internal buffer overflows
More Input Overflows
Other Risks
Tools That Can Help
Smashing stacks
Heap Overflows
Stack Overflows
Decoding the stack
To infinity... and beyond!
Attack code
A Unix Exploit
What about Windows?
In Conclusion
SIDEBAR: Buffer Overflow, Déjà Vu All Over Again
8: Access Control
The Unix Access Control Model
How Unix Permissions Work
Modifying file attributes
Modifying Ownership
The umask
The programmatic interface
Setuid Programming
Access Control in Windows NT
Compartmentalization
Fine-Grained Privileges
9: Race Conditions
What is a Race Condition? Time of Check, Time of Use
Broken passwd
Avoiding TOCTOU Problems
Secure File Access
Temporary files
File Locking
Other Race Conditions
Java 2 policy manipulation
Conclusion
10: Randomness and Determinism
Pseudo-random number generators
Examples of PRNGs
The Blum-Blum-Shub PRNG
The Yarrow-AES PRNG
Attacks against PRNGs
How to cheat in online gambling
Statistical tests on PRNGs
Entropy Gathering and Estimation
Hardware solutions
Software solutions
Poor entropy collection: How to read "secret" Netscape messages
Handling Entropy
Statistical Tests Revisited
Practical sources of randomness
Yarrow
Random numbers for Windows
Random numbers for Linux
Random numbers in Java
Conclusion
11: Applying Cryptography
General recommendations
Developers are not Cryptographers
Data Integrity
Export Laws
Common Crypto Libraries
Cryptlib
OpenSSL
Crypto++
BSAFE
Cryptix
Programming with Cryptography
Encryption
Hashing
Public Key Encryption
Threading
Cookie Encryption
More uses for cryptographic hashes
SSL and TLS
Stunnel
One-time pads
The Catch
Conclusion
12: Trust Management and Input Validation
A few words on trust
Examples of Misplaced Trust
Trust Is Transitive
Protection from hostile callers
Invoking other programs safely
Problems from the Web
Client-side security
Perl Problems
Format String Attacks
Automatically Detecting Input Problems
It Pays to be Paranoid
13: Password Authentication
Password Storage
Adding users to a password database
Password Authentication
Password Selection
More advice
Throwing dice
Passphrases
Application-selected passwords
One-Time Passwords
Conclusion
14: Database Security
The Basics
Access Control
Using Views for Access Control
Field Protection
Security against statistical attacks
Conclusion
15: Client-side Security
Copy Protection Schemes
License files
Thwarting the Casual Pirate
Other License Features
Other Copy Protection Schemes
Authenticating Untrusted Clients
Tamperproofing
Anti-Debugger Measures
Checksums
Responding to Misuse
Decoys
Code Obfuscation
Basic Obfuscation Techniques
Encrypting Program Parts
Conclusion
16: Through the Firewall
Basic Strategies
Client Proxies
Server Proxies
SOCKS
Peer-to-Peer
Conclusions
Appendix A: Cryptography Basics
The Ultimate Goals of Cryptography
Attacks on Cryptography
Types of Cryptography
Symmetric Cryptography
Types of Symmetric Algorithms
Security of Symmetric Algorithms
Public Key Cryptography
Attacks Against Public Key Cryptography
Cryptographic Hashing Algorithms
Other attacks on cryptographic hashes
What's a good hash algorithm to use?
Digital Signatures
Conclusions
References
Index