Product Description
This is the Mobipocket version of the print book. “When it comes to software security, the devil is in the details. This book tackles the details.” –Bruce Schneier, CTO and founder, Counterpane, and author of Beyond Fear and Secrets and Lies “McGraw’s book shows you how to make the ‘culture of security’ part of your development lifecycle.” –Howard A. Schmidt, Former White House Cyber Security Advisor “McGraw is leading the charge in software security. His advice …
Software Security: Building Security In
Tags: Building, Security, Software
#1 by Brian Chess on April 2, 2010 - 12:05 am
“How to be a script kiddie” it ain’t. This is a pragmatic book for people who’ve realized that doing software security right means more than paying a consultant to poke at your web site or sentencing programmers to the security version of traffic school. There’s a mountain of ideas in here–you’re not going to use it all on day one. Gary knows that though, and he does a good job of telling you how to get out of first gear.
My favorite topics:
How to do a worthwhile penetration test
How to wring security flaws out of a software architecture
Putting static analysis to work
Writing abuse cases
Good for: the person who needs to take your existing development process and bake security into it.
Bad for: wannabe black hats, people who think software security means single sign-on
Rating: 5 / 5
#2 by Howard A. Schmidt on April 2, 2010 - 12:48 am
When we look at all of the things that have contributed to cyber security issues, there is one that has the potential to be solved above the rest: software security. While there are many “artistic” components to software development, the need for good security development is more science than art, and this book gives the reader the correct scientific approach to developing secure software. I reviewed the book because of its value to the development community and am glad I was able to find such a valuable tool to talk about.
Rating: 5 / 5
#3 by L. Fabio Arciniegas on April 2, 2010 - 2:20 am
The world of software keeps evolving from the convoluted and obscure to the straightforward and usable. Google, Eclipse, Spring, they all succeed by distilling their domain to a few solid essentials.
This book is in sync with the times: it takes many lessons on software security and distills them to a handful of touchpoints that require almost nothing to be usable. No tie-ins to a methodology, just a clear set of points that can be injected right into your SDLC.
Rating: 5 / 5
#4 by Marcus J. Ranum on April 2, 2010 - 3:55 am
I was a technical reviewer and sounding board for this book, so you may consider me biased – but you shouldn’t. This is, simply, a topic I am passionate about.
Computer security is a disaster. Every day you hear about another flaw in some important piece of software – and some band-aid fix to try to keep the bad guys out for another week. Anyone with a brain can see that the band-aid approach isn’t working. What we need is better software. We need software that is designed to be rock solid and reliable. That’s what this book is about.
If you’re a developer, development manager, or executive of a company that produces software that I MAY SOMEDAY HAVE TO USE, please read this book!!!! Gary lays out the places in a development process where you need to think about security, debunks the idea of penetration-testing and band-aiding bad software, and generally offers up reams of good common sense about developing security-critical applications. With the current legislative landscape and the potential for software companies to be held liable for failures in their products, this is a very timely book.
mjr.
Rating: 5 / 5
#5 by Kenneth R. Van Wyk on April 2, 2010 - 4:34 am
I too was a reviewer and contributor to this book, so my views are no doubt biased.
That said, I firmly believe that this book defines the discipline and practices of software security better than all those that came before it — my own included.
Gary has provided here a blueprint for the “best practices” of software security in a clear, highly useful, and actionable format. Kudos for a superb effort!
Cheers,
Ken van Wyk
Rating: 5 / 5