Designing Secure Software

A Guide for Developers

Loren Kohnfelder

$115

Paperback

Not in-store but you can order this
How long will it take?

Availability Information

We source books from suppliers in Australia and overseas. For books we don't currently have in stock, the time it takes to get them from our suppliers can vary widely - from a few days to a few months - so we check each book with each supplier to determine the expected time it will take to be supplied to us.

We then advise you accordingly. If the time taken to get any book is too long for you, you can let us know and we will cancel or adjust your order, and refund as required.

To find out the anticipated arrival time for specific items prior to ordering, please contact us by phone or email:

Phone +61 2 9264 3111, or 1800 4 BOOKS (1800 4 26657) if outside Sydney:
option 1 Abbey's Bookshop (Crime, History, Science, Kids & more) • info@abbeys.com.au
option 2 Language Book Centre (ESL & Foreign Languages) • language@abbeys.com.au
option 3 Galaxy Bookshop (Sci-fi, Fantasy, Romance, Graphic Novels) • sf@galaxybooks.com.au

QTY:

English

No Starch Press,US
05 January 2022

Computer programming & software development

What every software professional should know about security.

What every software professional should know about security.

Designing Secure Software consolidates Loren Kohnfelder's more than twenty years of experience into a concise, elegant guide to improving the security of technology products. Written for a wide range of software professionals, it emphasizes building security into software design early and involving the entire team in the process.

The book begins with a discussion of core concepts like trust, threats, mitigation, secure design patterns, and cryptography. The second part, perhaps this book's most unique and important contribution to the field, covers the process of designing and reviewing a software design with security considerations in mind. The final section details the most common coding flaws that create vulnerabilities, making copious use of code snippets written in C and Python to illustrate implementation vulnerabilities.

You'll learn how to-

. Identify important assets, the attack surface, and the trust boundaries in a system

. Evaluate the effectiveness of various threat mitigation candidates

. Work with well-known secure coding patterns and libraries

. Understand and prevent vulnerabilities like XSS and CSRF, memory flaws, and more

. Use security testing to proactively identify vulnerabilities introduced into code

. Review a software design for security flaws effectively and without judgment

Kohnfelder's career, spanning decades at Microsoft and Google, introduced numerous software security initiatives, including the co-creation of the STRIDE threat modeling framework used widely today. This book is a modern, pragmatic consolidation of his best practices, insights, and ideas about the future of software.

By: Loren Kohnfelder
Imprint: No Starch Press,US
Country of Publication: United States
Dimensions: Height: 235mm, Width: 178mm,
ISBN: 9781718501928
ISBN 10: 1718501927
Pages: 312
Publication Date: 05 January 2022
Audience: General/trade , ELT Advanced
Format: Paperback
Publisher's Status: Active

Loren Kohnfelder has over 20 years of experience working in the security industry for companies like Microsoft and Google. At Microsoft, he was a key contributor to the industry's first formalized proactive security process methodology, and program-managed the .NET platform security effort. He was also a key contributor to the first organized approach to security by any major software platform company. At Google he worked as a software engineer on the Security team and as a founding member of the Privacy team, performing numerous security design reviews of large-scale complex real-world commercial platforms and systems, while working on various projects as a developer. Now retired, Kohnfelder shares his unique experience in industry through this book.

Reviews for Designing Secure Software: A Guide for Developers

This book addresses software developers and designers, but it also has potential impact for those involved anywhere in the production of software. IT project managers in particular can benefit from this concept-heavy presentation because they need not wade into the waters of code. -Scott J. Pearson, Blogger at scottjpearson.com Designing Secure Software creates a roadmap for building towards more secure software programs. Loren Kohnfelder draws upon technical knowledge gained and developed during his 20+ year career at Microsoft and Google to arm software engineers at any level with the security mindset and tools needed to create secure software. This book is comprehensive in scope and provides many excellent examples in python and C to aid in designing software securely. -George D. Advanced Reviewer The authoritative introductory book on secure software design . . . I've learned so much while reading it. -Kirill C., Advanced Reviewer Provides an in depth look on promoting secure software development and breaks down complex subjects into relatable examples. Contains methodologies that are helpful to remember in threat modeling and lessons to take from past software failures. -Jessica W., Advanced Reviewer Very clear and easy reading, and the examples used are both captivating and easy to understand . . . A worthwhile read for both software developers and security engineers working the application security space. It distinguishes itself by focusing on concepts rather than being a checklist of individual items to focus on. -System Overlord, SystemOverlord.com Technical books that read smoothly are rare, and this is one of them. The book provides a good overview of the application security field and gives you the resources to explore more. -Vickie Li, Developer Evangelist, Author of Bug Bounty Bootcamp