PART I: CONCEPTS
Chapter 1: Foundations
Chapter 2: Threats
Chapter 3: Mitigation
Chapter 4: Patterns
Chapter 5: Cryptography
PART II: DESIGN
Chapter 6: Secure Design
Chapter 7: Security Design Reviews
PART III: IMPLEMENTATION
Chapter 8: Secure Programming
Chapter 9: Low-Level Coding Flaws
Chapter 10: Untrusted Input
Chapter 11: Web Security
Chapter 12: Security Testing
Chapter 13: Secure Development Best Practices
Appendix A: Sample Design Document
Appendix B: Glossary
Appendix C: Exercises
Appendix D: Cheat Sheets
Designing Secure Software
Designing Secure Software consolidates Loren Kohnfelder’s more than twenty years of experience into a concise, elegant guide to improving the security of technology products. Written for a wide range of software professionals, it emphasizes building security into software design early and involving the entire team in the process.
The book begins with a discussion of core concepts like trust, threats, mitigation, secure design patterns, and cryptography. The second part, perhaps this book’s most unique and important contribution to the field, covers the process of designing and reviewing a software design with security considerations in mind. The final section details the most common coding flaws that create vulnerabilities, making copious use of code snippets written in C and Python to illustrate implementation vulnerabilities.
You’ll learn how to:
- Identify important assets, the attack surface, and the trust boundaries in a system
- Evaluate the effectiveness of various threat mitigation candidates
- Work with well-known secure coding patterns and libraries
- Understand and prevent vulnerabilities like XSS and CSRF, memory flaws, and more
- Use security testing to proactively identify vulnerabilities introduced into code
- Review a software design for security flaws effectively and without judgment
"This book addresses software developers and designers, but it also has potential impact for those involved anywhere in the production of software. IT project managers in particular can benefit from this concept-heavy presentation because they need not wade into the waters of code."
—Scott J. Pearson, Blogger at scottjpearson.com
"Designing Secure Software creates a roadmap for building towards more secure software programs. Loren Kohnfelder draws upon technical knowledge gained and developed during his 20+ year career at Microsoft and Google to arm software engineers at any level with the security mindset and tools needed to create secure software. This book is comprehensive in scope and provides many excellent examples in python and C to aid in designing software securely."
—George D. Advanced Reviewer
"The authoritative introductory book on secure software design . . . I've learned so much while reading it."
—Kirill C., Advanced Reviewer
"Designing Secure Software is a fantastic bridge between the worlds of security and development, which can benefit both sides greatly by providing them not only with the other side's perspective of a project, but also with a common vocabulary and means of communicating efficiently. I wish I had this book when I was transitioning from developer to cybersecurity engineer."
—Jamie G., Advanced Reviewer
"Provides an in depth look on promoting secure software development and breaks down complex subjects into relatable examples. Contains methodologies that are helpful to remember in threat modeling and lessons to take from past software failures."
—Jessica W., Advanced Reviewer
"Very clear and easy reading, and the examples used are both captivating and easy to understand . . . A worthwhile read for both software developers and security engineers working the application security space. It distinguishes itself by focusing on concepts rather than being a checklist of individual items to focus on."
—System Overlord, SystemOverlord.com