Designing Secure Software: A Guide for Developers

  • 6h 20m
  • Loren Kohnfelder
  • No Starch Press
  • 2021

Designing Secure Software consolidates Loren Kohnfelder’s more than twenty years of experience into a concise, elegant guide to improving the security of technology products. Written for a wide range of software professionals, it emphasizes building security into software design early and involving the entire team in the process.

The book begins with a discussion of core concepts like trust, threats, mitigation, secure design patterns, and cryptography. The second part, perhaps this book’s most unique and important contribution to the field, covers the process of designing and reviewing a software design with security considerations in mind. The final section details the most common coding flaws that create vulnerabilities, making copious use of code snippets written in C and Python to illustrate implementation vulnerabilities.

You’ll learn how to:

  • Identify important assets, the attack surface, and the trust boundaries in a system
  • Evaluate the effectiveness of various threat mitigation candidates
  • Work with well-known secure coding patterns and libraries
  • Understand and prevent vulnerabilities like XSS and CSRF, memory flaws, and more
  • Use security testing to proactively identify vulnerabilities introduced into code
  • Review a software design for security flaws effectively and without judgment

Intellectual adventurers of all kinds can use the powerful ideas covered in Deep Learning: A Visual Approach to build intelligent systems that help us better understand the world and everyone who lives in it. It’s the future of AI, and this book allows you to fully envision it.

About the Author

Loren Kohnfelder has over 20 years of experience working in the security industry for companies like Microsoft and Google. At Microsoft, he was a key contributor to the industry’s first formalized proactive security process methodology, and program-managed the .NET platform security effort. He was also a key contributor to the first organized approach to security by any major software platform company. At Google he worked as a software engineer on the Security team and as a founding member of the Privacy team, performing numerous security design reviews of large-scale complex real-world commercial platforms and systems, while working on various projects as a developer. Now retired, Kohnfelder shares his unique experience in industry through this book.

In this Book

  • Foreword
  • Introduction
  • Foundations
  • Threats
  • Mitigation
  • Patterns
  • Cryptography
  • Secure Design
  • Security Design Reviews
  • Secure Programming
  • Low-Level Coding Flaws
  • Untrusted Input
  • Web Security
  • Security Testing
  • Secure Development Best Practices
  • Afterword
SHOW MORE
FREE ACCESS

YOU MIGHT ALSO LIKE

Course Software Design and Development: Object-oriented Analysis and Design
Rating 4.5 of 76 users Rating 4.5 of 76 users (76)
Course Certified in Cybersecurity (CC): Security Governance, Policies, & Controls
Rating 4.6 of 123 users Rating 4.6 of 123 users (123)
Course Software Design and Development: Software Engineering & SDLC Phases
Rating 4.6 of 4717 users Rating 4.6 of 4717 users (4717)