Building Secure Software : How to Avoid Security Problems the Right Way,9780201721522

Building Secure Software : How to Avoid Security Problems the Right Way

by ;
Edition: 1st
ISBN13: 9780201721522
ISBN10: 020172152X
Format: Hardcover
Pub. Date: 2002-01-01
Publisher(s): Addison-Wesley Professional
Upgraded Edition: Click here!
  • Free Shipping Icon

    This Item Qualifies for Free Shipping!*

    *Excludes marketplace orders.

List Price: $62.99

Rent Textbook

Select for Price
Add to Cart
There was a problem. Please try again later.

Rent Digital

Rent Digital Options
Online:1825 Days access
Downloadable:Lifetime Access
$69.59
$69.59
Add to Cart

New Textbook

We're Sorry
Sold Out

Used Textbook

We're Sorry
Sold Out

Buy from our Marketplace starting at $4.64

How Marketplace Works:

  • This item is offered by an independent seller and not shipped from our warehouse
  • Item details like edition and cover design may differ from our description; see seller's comments before ordering.
  • Sellers much confirm and ship within two business days; otherwise, the order will be cancelled and refunded.
  • Marketplace purchases cannot be returned to eCampus.com. Contact the seller directly for inquiries; if no response within two days, contact customer service.
  • Additional shipping costs apply to Marketplace purchases. Review shipping costs at checkout.

Summary

Most organizations have a firewall, antivirus software, and intrusion detection systems, all of which are intended to keep attackers out. So why is computer security a bigger problem today than ever before? The answer is simple--bad software lies at the heart of all computer security problems. Traditional solutions simply treat the symptoms, not the problem, and usually do so in a reactive way. This book teaches you how to take a proactive approach to computer security. Building Secure Softwarecuts to the heart of computer security to help you get security right the first time. If you are serious about computer security, you need to read this book, which includes essential lessons for both security professionals who have come to realize that software is the problem, and software developers who intend to make their code behave. Written for anyone involved in software development and use-from managers to coders-this book is your first step toward building more secure software. Building Secure Softwareprovides expert perspectives and techniques to help you ensure the security of essential software. If you consider threats and vulnerabilities early in the devel-opment cycle you can build security into your system. With this book you will learn how to determine an acceptable level of risk, develop security tests, and plug security holes before software is even shipped. Inside you'll find the ten guiding principles for software security, as well as detailed coverage of: Software risk management for security Selecting technologies to make your code more secure Security implications of open source and proprietary software How to audit software The dreaded buffer overflow Access control and password authentication Random number generation Applying cryptography Trust management and input Client-side security Dealing with firewalls Only by building secure software can you defend yourself against security breaches and gain the confidence that comes with knowing you won't have to play the "penetrate and patch" game anymore. Get it right the first time. Let these expert authors show you how to properly design your system; save time, money, and credibility; and preserve your customers'trust.

Table of Contents

Forewordp. xix
Prefacep. xxiii
Organizationp. xxiv
Code Examplesp. xxv
Contacting Usp. xxvi
Acknowledgmentsp. xxvii
Introduction to Software Securityp. 1
It's All about the Softwarep. 2
Dealing with Widespread Security Failuresp. 6
Bugtraqp. 7
CERT Advisoriesp. 8
RISKS Digestp. 8
Technical Trends Affecting Software Securityp. 9
The 'ilitiesp. 13
What Is Security?p. 14
Isn't That Just Reliability?p. 15
Penetrate and Patch Is Badp. 15
On Art and Engineeringp. 17
Security Goalsp. 18
Preventionp. 19
Traceability and Auditingp. 19
Monitoringp. 20
Privacy and Confidentialityp. 20
Multilevel Securityp. 21
Anonymityp. 21
Authenticationp. 22
Integrityp. 23
Know Your Enemy: Common Software Security Pitfallsp. 24
Software Project Goalsp. 26
Conclusionp. 27
Managing Software Security Riskp. 29
An Overview of Software Risk Management for Securityp. 30
The Role of Security Personnelp. 32
Software Security Personnel in the Life Cyclep. 34
Deriving Requirementsp. 34
Risk Assessmentp. 35
Design for Securityp. 37
Implementationp. 38
Security Testingp. 38
A Dose of Realityp. 39
Getting People to Think about Securityp. 40
Software Risk Management in Practicep. 40
When Development Goes Astrayp. 41
When Security Analysis Goes Astrayp. 41
The Common Criteriap. 43
Conclusionp. 46
Selecting Technologiesp. 49
Choosing a Languagep. 49
Choosing a Distributed Object Platformp. 54
CORBAp. 54
DCOMp. 56
EJB and RMIp. 58
Choosing an Operating Systemp. 59
Authentication Technologiesp. 61
Host-Based Authenticationp. 61
Physical Tokensp. 63
Biometric Authenticationp. 64
Cryptographic Authenticationp. 66
Defense in Depth and Authenticationp. 66
Conclusionp. 67
On Open Source and Closed Sourcep. 69
Security by Obscurityp. 70
Reverse Engineeringp. 73
Code Obfuscationp. 74
Security for Shrink-Wrapped Softwarep. 75
Security by Obscurity Is No Panaceap. 75
The Flip Side: Open-Source Softwarep. 75
Is the "Many-Eyeballs Phenomenon" Real?p. 76
Why Vulnerability Detection Is Hardp. 79
Other Worriesp. 81
On Publishing Cryptographic Algorithmsp. 82
Two More Open-Source Fallaciesp. 82
The Microsoft Fallacyp. 82
The Java Fallacyp. 83
An Example: GNU Mailman Securityp. 84
More Evidence: Trojan Horsesp. 85
To Open Source or Not to Open Sourcep. 86
Another Security Lesson from Buffer Overflowsp. 87
Beating the Drump. 88
Conclusionp. 89
Guiding Principles for Software Securityp. 91
Secure the Weakest Linkp. 93
Practice Defense in Depthp. 96
Fail Securelyp. 97
Follow the Principle of Least Privilegep. 100
Compartmentalizep. 102
Keep It Simplep. 104
Promote Privacyp. 107
Remember That Hiding Secrets Is Hardp. 109
Be Reluctant to Trustp. 111
Use Your Community Resourcesp. 112
Conclusionp. 113
Auditing Softwarep. 115
Architectural Security Analysisp. 118
Attack Treesp. 120
Reporting Analysis Findingsp. 125
Implementation Security Analysisp. 126
Auditing Source Codep. 127
Source-level Security Auditing Toolsp. 128
Using RATS in an Analysisp. 130
The Effectiveness of Security Scanning of Softwarep. 132
Conclusionp. 133
Buffer Overflowsp. 135
What Is a Buffer Overflow?p. 138
Why Are Buffer Overflows a Security Problem?p. 139
Defending against Buffer Overflowp. 141
Major Gotchasp. 142
Internal Buffer Overflowsp. 147
More Input Overflowsp. 148
Other Risksp. 149
Tools That Can Helpp. 150
Smashing Heaps and Stacksp. 151
Heap Overflowsp. 155
Stack Overflowsp. 159
Decoding the Stackp. 160
To Infinity ... and Beyond!p. 165
Attack Codep. 177
A UNIX Exploitp. 178
What About Windows?p. 185
Conclusionp. 185
Access Controlp. 187
The UNIX Access Control Modelp. 187
How UNIX Permissions Workp. 189
Modifying File Attributesp. 190
Modifying Ownershipp. 193
The umaskp. 194
The Programmatic Interfacep. 195
Setuid Programmingp. 197
Access Control in Windows NTp. 202
Compartmentalizationp. 204
Fine-Grained Privilegesp. 207
Conclusionp. 208
Race Conditionsp. 209
What Is a Race Condition?p. 210
Time-of-Check, Time-of-Usep. 214
Broken passwdp. 216
Avoiding TOCTOU Problemsp. 219
Secure File Accessp. 222
Temporary Filesp. 225
File Lockingp. 226
Other Race Conditionsp. 227
Conclusionp. 229
Randomness and Determinismp. 231
Pseudo-random Number Generatorsp. 232
Examples of PRNGsp. 234
The Blum-Blum-Shub PRNGp. 236
The Tiny PRNGp. 237
Attacks Against PRNGsp. 238
How to Cheat in On-line Gamblingp. 238
Statistical Tests on PRNGsp. 241
Entropy Gathering and Estimationp. 241
Hardware Solutionsp. 242
Software Solutionsp. 245
Poor Entropy Collection: How to Read "Secret" Netscape Messagesp. 254
Handling Entropyp. 255
Practical Sources of Randomnessp. 258
Tinyp. 259
Random Numbers for Windowsp. 260
Random Numbers for Linuxp. 260
Random Numbers in Javap. 263
Conclusionp. 265
Applying Cryptographyp. 267
General Recommendationsp. 268
Developers Are Not Cryptographersp. 268
Data Integrityp. 270
Export Lawsp. 271
Common Cryptographic Librariesp. 272
Cryptlibp. 272
OpenSSLp. 274
Crypto++p. 275
BSAFEp. 277
Cryptixp. 278
Programming with Cryptographyp. 279
Encryptionp. 280
Hashingp. 286
Public Key Encryptionp. 287
Threadingp. 293
Cookie Encryptionp. 293
More Uses for Cryptographic Hashesp. 295
SSL and TLS (Transport Layer Security)p. 297
Stunnelp. 299
One-Time Padsp. 301
Conclusionp. 305
Trust Management and Input Validationp. 307
A Few Words on Trustp. 308
Examples of Misplaced Trustp. 311
Trust Is Transitivep. 311
Protection from Hostile Callersp. 314
Invoking Other Programs Safelyp. 319
Problems from the Webp. 322
Client-side Securityp. 325
Perl Problemsp. 327
Format String Attacksp. 329
Automatically Detecting Input Problemsp. 331
Conclusionp. 334
Password Authenticationp. 335
Password Storagep. 336
Adding Users to a Password Databasep. 339
Password Authenticationp. 350
Password Selectionp. 356
More Advicep. 358
Throwing Dicep. 358
Passphrasesp. 362
Application-Selected Passwordsp. 363
One-Time Passwordsp. 365
Conclusionp. 379
Database Securityp. 381
The Basicsp. 382
Access Controlp. 383
Using Views for Access Controlp. 385
Field Protectionp. 387
Security against Statistical Attacksp. 391
Conclusionp. 396
Client-side Securityp. 397
Copy Protection Schemesp. 400
License Filesp. 409
Thwarting the Casual Piratep. 411
Other License Featuresp. 412
Other Copy Protection Schemesp. 413
Authenticating Untrusted Clientsp. 414
Tamperproofingp. 415
Antidebugger Measuresp. 416
Checksumsp. 418
Responding to Misusep. 419
Decoysp. 421
Code Obfuscationp. 421
Basic Obfuscation Techniquesp. 422
Encrypting Program Partsp. 423
Conclusionp. 426
Through the Firewallp. 427
Basic Strategiesp. 427
Client Proxiesp. 430
Server Proxiesp. 432
SOCKSp. 433
Peer to Peerp. 435
Conclusionsp. 437
Cryptography Basicsp. 439
The Ultimate Goals of Cryptographyp. 440
Attacks on Cryptographyp. 442
Types of Cryptographyp. 444
Symmetric Cryptographyp. 444
Types of Symmetric Algorithmsp. 445
Security of Symmetric Algorithmsp. 447
Public Key Cryptographyp. 451
Cryptographic Hashing Algorithmsp. 457
Other Attacks on Cryptographic Hashesp. 460
What's a Good Hash Algorithm to Use?p. 461
Digital Signaturesp. 462
Conclusionsp. 464
Referencesp. 465
Indexp. 471
Table of Contents provided by Syndetics. All Rights Reserved.

Excerpts

"A book is a machine to think with." --I.A. RichardsPRINCIPLES OF LITERARY CRITICISM This book exists to help people involved in the software development process learn the principles necessary for building secure software. The book is intended foranyoneinvolved in software development, from managers to coders, although it contains the low-level detail that is most applicable to programmers. Specific code examples and technical details are presented in the second part of the book. The first part is more general and is intended to set an appropriate context for building secure software by introducing security goals, security technologies, and the concept of software risk management. There are plenty of technical books that deal with computer security, but until now, none have applied significant effort to the topic of developing secure programs. If you want to learn how to set up a firewall, lock down a single host, or build a virtual private network, there are other resources to which to turn outside this book. Because most security books are intended to address the pressing concerns of network-level security practitioners, they tend to focus on how to promote secrecy and how to protect networked resources in a world in which software is chronically broken. Unfortunately, many security practitioners have gotten used to a world in which having security problems in software is common, and even acceptable. Some people even assume that it is too hard to get developers to build secure software, so they don't raise the issue. Instead, they focus their efforts on "best-practice" network security solutions, erecting firewalls, and trying to detect intrusions and patch known security problems in a timely manner. We are optimistic that the problem of bad software security can be addressed. The truth is, writing programs that have no security flaws in themisdifficult. However, we assert that writing a "secure-enough" program is much easier than writing a completely bug-free program. Should people give up on removing bugs from software just because it's essentially impossible to eliminate them all? Of course not. By the same token, people shouldn't just automatically throw in the software security towel before they even understand the problem. A little bit of education can go a long way. One of the biggest reasons why so many products have security problems is that many technologists involved in the development process have never learned very much about how to produce secure code. One problem is that until now there have been very few places to turn for good information. A goal of this book is to close the educational gap and to arm software practitioners with the basic techniques necessary to write secure programs. This said, you should not expect to eradicate all security problems in your software simply by reading this book. Claiming that this book provides a silver bullet for security would ignore the realities of how difficult it is to secure computer software. We don't ignore reality--we embrace it, by treating software security as a risk management problem. In the real world, your software will likely never be totally secure. First of all, there is no such thing as 100% security. Most software has security risks that can be exploited. It's a matter of how much money and effort are required to break the system in question. Even if your software is bug free and your servers are protected by firewalls, someone who wants to target you may get an insider to attack you. Or they may perform a "black bag" (break-in) operation. Because security is complicated and is a system-wide property, we not only provide general principles for secure software design, but we also focus on the most common risks, and how to mitigate them. Organization This book is divided into two parts. The first part focuses on the things you should know about software securi

An electronic version of this book is available through VitalSource.

This book is viewable on PC, Mac, iPhone, iPad, iPod Touch, and most smartphones.

By purchasing, you will be able to view this book online, as well as download it, for the chosen number of days.

Digital License

You are licensing a digital product for a set duration. Durations are set forth in the product description, with "Lifetime" typically meaning five (5) years of online access and permanent download to a supported device. All licenses are non-transferable.

More details can be found here.

A downloadable version of this book is available through the eCampus Reader or compatible Adobe readers.

Applications are available on iOS, Android, PC, Mac, and Windows Mobile platforms.

Please view the compatibility matrix prior to purchase.