The global scale of internetworked computers has placed increased emphasis on software security, particularly in the case of software that implements network clients and servers. Many current computer security practices, such as firewalls and intrusion detection systems, are necessitated by sloppy security practices in the software they are entrusted to protect. This book addresses many aspects of the process and practices that need to be followed to write secure software.
The authors rightly argue that the current “penetrate and patch” attitude, common in many software development projects, is not sustainable--software needs to be designed and implemented in a secure way from the ground up. Secure software has to address a number of different and sometimes conflicting goals, including the prevention of security problems, traceability, monitoring, privacy, confidentiality, authentication, and integrity. As in all engineering, developers have to balance these requirements against tight budgets and even tighter deadlines. The risk management approach described in this book offers a way to address the importance of each requirement during the entire project’s life cycle appropriately, from requirements, to design, to implementation, to security testing.
The choice of implementation platform, and, recently, the decision to release source code for a project are important aspects of a project that influence security. The authors describe the many problems associated with using C/C++ as a development language (yet admit to commonly using it in their own projects), and present the issues associated with Java security. They also examine the security aspects of distributed object platforms, operating systems, and authentication technologies. The discussion of the open-source code model as a way to develop secure software is interesting and well balanced. The authors present ten guiding principles for building secure software, from “secure the weakest link” to “use your community resources.” I found the description of architectural security analysis through the use of attack trees and the overview of software auditing tools and techniques to be highly informative.
The rest of the book offers concrete practical advice on the actual task of coding secure software. Although it is difficult to discern the methodological principles guiding the division of the issues examined, most common security problems are covered. The authors’ advice is divided into areas according to the underlying low-level security implementation issues: buffer overflows, access, control, race conditions, randomness, cryptography application, trust management, password authentication, databases, clients, and firewalls. Many issues are illustrated using C (or, less commonly, Java) source code examples, as well as counterexamples from real incidents. Apart from a 30-page, detailed description of stack overflow attacks (complete with examples of sample exploiting code), which is in my opinion unwarranted, the treatment is balanced and instructive. Microsoft Windows-related material appears sparsely among the many Unix-centered examples, but is not completely absent.
An appendix discussing cryptography basics, selected references, and a detailed index complete the book’s offerings. True to its title, this book will indeed help software practitioners to design and implement secure software.