What every software professional should know about security.
Designing Secure Software consolidates Loren Kohnfelder’s more than twenty years of experience into a concise, elegant guide to improving the security of technology products. Written for a wide range of software professionals, it emphasizes building security into software design early and involving the entire team in the process.
The book begins with a discussion of core concepts like trust, threats, mitigation, secure design patterns, and cryptography. The second part, perhaps this book’s most unique and important contribution to the field, covers the process of designing and reviewing a software design with security considerations in mind. The final section details the most common coding flaws that create vulnerabilities, making copious use of code snippets written in C and Python to illustrate implementation vulnerabilities.
You’ll learn how to:
- Identify important assets, the attack surface, and the trust boundaries in a system
- Evaluate the effectiveness of various threat mitigation candidates
- Work with well-known secure coding patterns and libraries
- Understand and prevent vulnerabilities like XSS and CSRF, memory flaws, and more
- Use security testing to proactively identify vulnerabilities introduced into code
- Review a software design for security flaws effectively and without judgment
Kohnfelder’s career, spanning decades at Microsoft and Google, introduced numerous software security initiatives, including the co-creation of the STRIDE threat modeling framework used widely today. This book is a modern, pragmatic consolidation of his best practices, insights, and ideas about the future of software.
Title Page Copyright Dedication About the Author Foreword Preface Acknowledgments Introduction Who Should Read This Book? What Topics Does the Book Cover? Part I: Concepts Part II: Design Part III: Implementation Conclusion Appendices Good, Safe Fun Part I: Concepts Chapter 1: Foundations Understanding Security Trust Feeling Trust You Cannot See Bits Competence and Imperfection Trust Is a Spectrum Trust Decisions Implicitly Trusted Components Being Trustworthy Classic Principles Information Security’s C-I-A The Gold Standard Privacy Chapter 2: Threats The Adversarial Perspective The Four Questions Threat Modeling Work from a Model Identify Assets Identify Attack Surfaces Identify Trust Boundaries Identify Threats Mitigate Threats Privacy Considerations Threat Modeling Everywhere Chapter 3: Mitigation Addressing Threats Structural Mitigation Strategies Minimize Attack Surfaces Narrow Windows of Vulnerability Minimize Data Exposure Access Policy and Access Controls Interfaces Communication Storage Chapter 4: Patterns Design Attributes Economy of Design Transparent Design Exposure Minimization Least Privilege Least Information Secure by Default Allowlists over Blocklists Avoid Predictability Fail Securely Strong Enforcement Complete Mediation Least Common Mechanism Redundancy Defense in Depth Separation of Privilege Trust and Responsibility Reluctance to Trust Accept Security Responsibility Anti-Patterns Confused Deputy Backflow of Trust Third-Party Hooks Unpatchable Components Chapter 5: Cryptography Crypto Tools Random Numbers Pseudo-Random Numbers Cryptographically Secure Pseudo-Random Numbers Message Authentication Codes Using MACs to Prevent Tampering Replay Attacks Secure MAC Communications Symmetric Encryption One-Time Pad Advanced Encryption Standard Using Symmetric Cryptography Asymmetric Encryption The RSA Cryptosystem Digital Signatures Digital Certificates Key Exchange Using Crypto Part II: Design Chapter 6: Secure Design Integrating Security in Design Making Design Assumptions Explicit Defining the Scope Setting Security Requirements Threat Modeling Building in Mitigations Designing Interfaces Designing Data Handling Integrating Privacy into Design Planning for the Full Software Life Cycle Making Trade-offs Design Simplicity Chapter 7: Security Design Reviews SDR Logistics Why Conduct an SDR? When to Conduct an SDR Documentation Is Essential The SDR Process 1. Study 2. Inquire 3. Identify 4. Collaborate 5. Write 6. Follow Up Assessing Design Security Using the Four Questions as Guidance Where to Dig Privacy Reviews Reviewing Updates Managing Disagreement Communicate Tactfully Case Study: A Difficult Review Escalating Disagreements Practice, Practice, Practice Part III: Implementation Chapter 8: Secure Programming The Challenge Malicious Influence Vulnerabilities Are Bugs Vulnerability Chains Bugs and Entropy Vigilance Case Study: GotoFail One-Line Vulnerability Beware of Footguns Lessons from GotoFail Coding Vulnerabilities Atomicity Timing Attacks Serialization The Usual Suspects Chapter 9: Low-Level Coding Flaws Arithmetic Vulnerabilities Fixed-Width Integer Vulnerabilities Floating-Point Precision Vulnerabilities Example: Floating-Point Underflow Example: Integer Overflow Safe Arithmetic Memory Access Vulnerabilities Memory Management Buffer Overflow Example: Memory Allocation Vulnerabilities Case Study: Heartbleed Chapter 10: Untrusted Input Input Validation Determining Validity Validation Criteria Rejecting Invalid Input Correcting Invalid Input Character String Vulnerabilities Length Issues Unicode Issues Injection Vulnerabilities SQL Injection Path Traversal Regular Expressions Dangers of XML Mitigating Injection Attacks Chapter 11: Web Security Build on a Framework The Web Security Model The HTTP Protocol Digital Certificates and HTTPS The Same Origin Policy Web Cookies Common Web Vulnerabilities Cross-Site Scripting Cross-Site Request Forgery More Vulnerabilities and Mitigations Chapter 12: Security Testing What Is Security Testing? Security Testing the GotoFail Vulnerability Functional Testing Functional Testing with the Vulnerability Security Test Cases The Limits of Security Tests Writing Security Test Cases Testing Input Validation Testing for XSS Vulnerabilities Fuzz Testing Security Regression Tests Availability Testing Resource Consumption Threshold Testing Distributed Denial-of-Service Attacks Best Practices for Security Testing Test-Driven Development Leveraging Integration Testing Security Testing Catch-Up Chapter 13: Secure Development Best Practices Code Quality Code Hygiene Exception and Error Handling Documenting Security Security Code Reviews Dependencies Choosing Secure Components Securing Interfaces Don’t Reinvent Security Wheels Contending with Legacy Security Vulnerability Triage DREAD Assessments Crafting Working Exploits Making Triage Decisions Maintaining a Secure Development Environment Separating Development from Production Securing Development Tools Releasing the Product Afterword Call to Action Security Is Everyone’s Job Baking in Security Future Security Improving Software Quality Managing Complexity From Minimizing to Maximizing Transparency Improving Software Authenticity, Trust, and Responsibility Delivering the Last Mile Conclusion Appendix A: Sample Design Document Title – Private Data Logging Component Design Document Section 1 – Product Description Section 2 – Overview 2.1 Purpose 2.2 Scope 2.3 Concepts 2.4 Requirements 2.5 Non-Goals 2.6 Outstanding Issues 2.7 Alternative Designs Section 3 – Use Cases Section 4 – System Architecture Section 5 – Data Design Section 6 – API 6.1 Hello Request 6.2 Schema Definition Request 6.3 Event Log Request 6.4 Goodbye Request Section 7 – User Interface Design Section 8 – Technical Design Section 9 – Configuration Section 10 – References Appendix B: Glossary Appendix C: Exercises Appendix D: Cheat Sheets Index
How to download source code?
1. Go to:
2. Search the book title:
Designing Secure Software: A Guide for Developers, sometime you may not get the results, please search the main title
3. Click the book title in the search results
3. Download the Source Code.
1. Disable the AdBlock plugin. Otherwise, you may not get any links.
2. Solve the CAPTCHA.
3. Click download link.
4. Lead to download server to download.