
Loren Kohnfelder - Designing Secure Software: A Guide for Developers


Loren Kohnfelder Designing Secure Software: A Guide for Developers
  • Book:
    Designing Secure Software: A Guide for Developers
  • Publisher:
    No Starch Press
  • Year:
    2021

Designing Secure Software: A Guide for Developers: summary, description and annotation


What every software professional should know about security.

Designing Secure Software consolidates Loren Kohnfelder's more than twenty years of experience into a concise, elegant guide to improving the security of technology products. Written for a wide range of software professionals, it emphasizes building security into software design early and involving the entire team in the process. The book begins with a discussion of core concepts like trust, threats, mitigation, secure design patterns, and cryptography. The second part, perhaps this book's most unique and important contribution to the field, covers the process of designing and reviewing a software design with security considerations in mind. The final section details the most common coding flaws that create vulnerabilities, making copious use of code snippets written in C and Python to illustrate implementation vulnerabilities.

You'll learn how to:

  • Identify important assets, the attack surface, and the trust boundaries in a system
  • Evaluate the effectiveness of various threat mitigation candidates
  • Work with well-known secure coding patterns and libraries
  • Understand and prevent vulnerabilities like XSS and CSRF, memory flaws, and more
  • Use security testing to proactively identify vulnerabilities introduced into code
  • Review a software design for security flaws effectively and without judgment

Kohnfelder's career, spanning decades at Microsoft and Google, introduced numerous software security initiatives, including the co-creation of the STRIDE threat modeling framework used widely today. This book is a modern, pragmatic consolidation of his best practices, insights, and ideas about the future of software.

Designing Secure Software
A Guide for Developers

Loren Kohnfelder


DESIGNING SECURE SOFTWARE. Copyright 2022 by Loren Kohnfelder

All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher.

First Printing

25 24 23 22 21 1 2 3 4 5 6 7 8 9

ISBN-13: 978-17185-0192-8 (print)
ISBN-13: 978-17185-0193-5 (ebook)

Publisher: William Pollock
Production Manager: Rachel Monaghan
Production Editor: Katrina Taylor
Developmental Editor: Frances Saux
Technical Reviewer: Cliff Janzen
Cover Illustrator: Rick Reese
Cover and Interior Design: Octopod Studios
Copyeditor: Rachel Head
Compositor: Jeff Lytle, Happenstance-Type-O-Rama
Proofreader: May Huang

For information on book distributors or translations, please contact No Starch Press, Inc. directly:
No Starch Press Inc.
245 8th Street, San Francisco, CA 94103
phone: 1-415-863-9900;
www.nostarch.com

Library of Congress Cataloguing-in-Publication Data

Names: Kohnfelder, Loren, author.
Title: Designing secure software : a guide for developers / Loren Kohnfelder.
Description: San Francisco : No Starch Press, 2022. | Includes index. |
Summary: "An introduction to computer security that focuses on basic
security concepts, like threats and how developers mitigate them. It
covers the process of reviewing design documents with security in mind
and explores techniques attackers use to exploit systems and how to
protect against them with secure coding and development practices"-
Provided by publisher.
Identifiers: LCCN 2021032322 (print) | LCCN 2021032323 (ebook) | ISBN
9781718501928 (print) | ISBN 9781718501935 (ebook)
Subjects: LCSH: Software engineering. | Software architecture. | Computer
security. | Application software--Development.
Classification: LCC QA76.758 .K675 2022 (print) | LCC QA76.758 (ebook) |
DDC 005.1--dc23
LC record available at https://lccn.loc.gov/2021032322
LC ebook record available at https://lccn.loc.gov/2021032323

No Starch Press and the No Starch Press logo are registered trademarks of No Starch Press, Inc. Other product and company names mentioned herein may be the trademarks of their respective owners. Rather than use a trademark symbol with every occurrence of a trademarked name, we are using the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark.

The information in this book is distributed on an "As Is" basis, without warranty. While every precaution has been taken in the preparation of this work, neither the author nor No Starch Press, Inc. shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in it.

In memory of robin.

Dedicated to all the software professionals who keep the digital world afloat, working to improve security one day at a time. Their greatest successes are those rare boring days when nothing bad happens.

About the Author

Loren Kohnfelder began programming over fifty years ago. As an undergraduate at MIT, his thesis Towards a Practical Public-Key Cryptosystem (1978) first described digital certificates and the foundations of public key infrastructure (PKI).

His software career spans a wide variety of programming jobs, from punched cards, writing disk controller drivers, a linking loader, video games, two stints in Japan, to equipment control software in a semiconductor research lab. At Microsoft, he returned to security work on the Internet Explorer team, and later the .NET platform security team, contributing to the industry's first proactive security process methodology.

Most recently, at Google, he worked as a software engineer on the security team and later as a founding member of the privacy team, performing well over one hundred security design reviews of large-scale commercial systems.

About the Technical Reviewer

Since the early days of Commodore PET and VIC-20, technology has been a constant companion (and sometimes an obsession!) to Cliff Janzen. Cliff spends a majority of the work day managing and mentoring a great team of security professionals, but strives to stay technically relevant by tackling everything from security policy reviews to penetration testing to incident response. He feels lucky to have a career that is also his favorite hobby and a wife who supports him.

Foreword

The book you have just started to read is unusual in many ways. Small and carefully written, it is a very technical book with very little code. It's a security book designed for those other than security experts. And as Loren discusses, it is a deeply personal perspective on technology, written by someone who has shipped large commercial products, invented important security technology, and worked extensively in product security.

In 2006, I joined Microsoft, and was handed responsibility for how we threat modeled across all our products and services. The main approach we used was based on Loren's STRIDE work. STRIDE is a mnemonic to help us consider the threats of Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege. It has become a key building block for me. (It's so central that I regularly need to correct people who think I invented STRIDE.) In fact, when I read this book, I was delighted to find that Loren calls on my Four Questions Framework much the way I call on STRIDE. The Framework is a way of approaching problems by asking what we are working on, what can go wrong, what we are going to do about those things, and whether we did a good job. Many of the lessons in this book suggest that Loren and I have collaborated even though we never worked directly together.

Today, the world is changing. Security flaws have become front page news. Your customers expect better security than ever before, and push those demands by including security in their evaluation criteria, drafting contract clauses, putting pressure on salespeople and executives, and pressing for new laws. Now is a great time to bring better security design into your software, from conception to coding. This book is about that difficult subject: how to design software that is secure.

The subject is difficult because of two main challenges. The first challenge, that security and trust are both natural and nuanced, is the subject of Chapter 1, so I won't say more about it. The second is that software professionals often hope that software won't require design. Software seems infinitely malleable, unlike the products of other engineering disciplines. In those other disciplines, we build models and prototypes before we bend steel, pour concrete, or photo-etch silicon. And in contrast, we build code, refine it, and then release it to the world, rather than following the famous advice of Fred Brooks: you're going to throw away the first system you build, so you might as well plan to treat it as a prototype. The stories we tell of the evolution of software rarely linger on our fruitless meanderings. We like to dismiss the many lightbulbs that didn't work and talk instead about how the right design just happened to come to us. Sometimes, we even believe it. Even in writing this, I am aware of a risk that you will think me (or worse, Loren) to be an advocate of design for its own sake. And that I bother to disclaim it brings me to another challenge that this book ably takes on: offering practical advice about the design of software.
