Secure Coding: Principles and Practices

There are some books that I believe should be mandatory reading for any person studying computer science, information technology auditing, or some other related fields, and that should also be on the must read lists of any technology professional. I do not often come across a book like this. Secure Coding: Principles and Practices (204 pages , O'Reilly Media, 2003, ISBN 0-596-00242-4) by Mark C. Graff and Kenneth R. van Wyk, however, meets my "must-read" criteria and then some. Why do I feel this way? The first reason is that the credentials of the authors far exceed those of many other authors I have read. For starters, van Wyk has his engineering degree from Lehigh University, which in some quarters used to be regarded as a far superior engineering schools than Stanford and MIT. As one of the founders of the Computer Emergency Response Team (CERT) at Carnegie Mellon University, van Wyk also served as the Operations Chief of the Defense Information Systems Agency (DISA). Graff, at the time he wrote the book, was the Chief Cyber Security Officer at Lawrence Livermore National Lab and often serves as an Congressional expert witness on Internet security. When people have credentials such as these, a reader might be afraid to pick up a book like this for fear of being intimidated by the writing of such highly qualified people. But that is the very first surprise of the book: it is written in such a plain-speak fashion with little or no unneeded fluff, that it is extremely easy to grasp their message and see how it would apply to an information technology professional's daily work routine. This is not something easily discounted, as there are many other books out there two to three more pages long that convey less than 50% of what is offered in this book. The authors follow a very simple and well laid out path in presenting their story. They are up front in saying that if someone claims to be an expert or that they claim they can lock down an application 100%, you should run for the hills (well not exactly in those words). But this extreme is countered with a discussion of why people write bad code, a reason that is often lost on security "experts" and auditors: people are human and respond to the various stimuli in their environment. Nobody likes to write bad code they posit, but sometimes there is not often a choice. As I read more of the book, I felt that these two individuals should be teaching IT audit classes and security audit classes. They are not afraid to point out that policy (and be extension business processes) should drive architecture and design decisions, not the other way around. They do not pull punches in saying that it can be dangerous to over-architect or over-design an application or system. They clearly lay out their arguments in terms that should be familiar to any IT auditor: controls, risk assessments, threats, and more. For IT developers and administrators, there are more than enough examples and discussions so that th

My job is fixing security vulnerabilities in applications.This book offers a great description of how to creat applications that don't need fixing. It should be required reading for anyone involved in the world of software creation - from management to coders.The content is well explained, engaging and clearly written.A good job well done!

In the 11th century, Moses Maimonides taught us that the highest form of charity is to teach a man to fish. If you give him a fish, he can eat today. If you teach him to fish he can eat forever.In the same way, Mark G. Graff and Kenneth R. van Wyk have provided an excellent book that gives us a framework for thinking about security rather than trying to give specific rules that might have been invalid before the book came off the press. "Secure Coding" gives the reader the ability to envision, architect, design, code, and implement a security framework that truly meets the needs of its stakeholders.The authors don't provide a cookbook. In their own words: "When you picked up this book, perhaps you thought that we could provide certain security? Sadly, no one can."Instead, they deliver a robust mental model and a framework to understand security and to architect, design, develop, and operate secure systems. They present best practices in the field of security, the reasons for using them, and suggestions on deciding which practices are appropriate in your particular case.Their approach is to realize that the objective is not to make a system totally secure, but to make it just secure enough. Deciding what is "just secure enough" is a business and not a technical decision. It is based on weighing risk versus cost.There are substantial references throughout the book as well as an appendix of resources. The book is filled with examples of security failures and, more importantly, an excellent post mortem on each to show what could have been done to avoid the problem. The authors are extremely familiar with UNIX environments and this comes through in the examples. However, you don't need to be a UNIX guru to glean valuable lessons from the examples.One key message is that security is not something you can bolt onto an application. You must take a holistic approach to the overall system in which the application is being used. It's worth noting that many secure applications become extremely insecure because of the system environment (including networks) in which they exist.A second key message is that, while you can retrofit a insecure application, it is far easier and far less costly to incorporate security as an integral part of the entire development life-cycle including requirements, architecture, and design. The security architecture and design must be well-documented so that future maintenance does not inadvertently introduce gaping security holes.The book is primarily intended for those who architect, design, and code secure applications. However, I believe that it is a must read for those who manage and those who implement secure applications and systems.

Some of the reviewers here are missing the point of this book. It's not a "secure code cookbook" in that it doesn't give specific code examples. Such things are quickly obsolete anyway.This book teaches you how to *think* about security, how to think about and *design* code that will be secure. It isn't a "add this snippit of code to your input buffer validation function" sort of book. There are many of these books, and they're useful in their place, but this book writes about the design of secure code, not the actual specifics.To continue the cooking analogy, this is a book on how to write receipes, not a book *of* receipes.Disclaimer, I helped review this book - and I think it's the sort of work that has been sorely missing in the field (I was also given a free copy for doing the review work).Jeremy Allison,Samba Team.

In information security there are books about things and books on how to do things, this is a book *about* things.Secure coding doesn't tell you how to write secure code, the purpose is to you a clear understanding of the enviornment needed to ensure application development is being done in a sane and robust way.I was a bit nervous when one of the authors asked me to do a review of this book; I had just finished reviewing Inside Java, a masterpiece, but a tough read with a code example on every other page. Secure Coding is almost the polar opposite. There are only a couple examples of actual code. Instead the book weighs in at less than 200 content pages and is very approachable.If you are responsible for managing software developers, then you should buy this book, read this book and make certain you understand what it teaches! This will prepare you for serious discussions with your coders and give you the questions to ask to ensure they are using good practice.