Customer Rating: 
Summary: The book that launched a new security genre
Comment: 'Building Secure Software' (BSS) is an excellent book. I can't believe it was published in the fall of 2001, and I've only gotten to it now. Negative reviewers should remember that a single book can't address every security topic under the sun. BSS is the first of several titles by authors Viega and McGraw; those looking for additional details can peruse their later books.
BSS has three overall strengths which merit a five star review. First, the book contains the distilled wisdom of its two authors. We are lucky to have two developers-turned-security-experts sharing their insights with us. They explain many concepts in plain language suitable for coders and non-coders alike. I especially enjoyed their ten guiding principles of ch 5 and the auditing software advice of ch 6. In other sections, like ch 4, they argue that 'open source' does not equal 'secure.' In ch 2 the authors explain the importance of system specifications, i.e., how is a system expected to act under a given situation? These sorts of insights are useful for managers as well as developers.
Second, BSS backs up its recommendations with real code examples. The authors don't just tell you what to do -- they show you. In many cases they begin with a 'naive' implementation fraught with errors, which they then incrementally improve. The password material in ch 13 is an example of this technique. A related benefit of the book was its description of attack trees in ch 6, which I find helpful.
Third, the authors very thoroughly discuss topics mentioned in other books, but not backed up in those titles by code samples. For example, ch 7 has a very detailed buffer overflow explanation. If you want to follow actual code and memory locations to understand how to write a buffer overflow exploit, ch 7 will explain how to do it.
BSS's errata doesn't seem to be available at the defunct book Web site, although I was able to retrieve it via the Internet Archive. My main concern with the book's content was the replacement of the security principle of 'availability' by another principle, 'authentication.' In other words, when one mentions 'the big three security goals,' (p. 22) they are 'confidentiality,' 'integrity,' and 'availability,' not 'authentication.'
I didn't find the relative lack of Windows-specific material to be a problem. The book's errata addresses some of the negative reviewers' concerns. Several years after its initial publication, BSS is still a timely and relevant read that I recommend to all developers and security professionals.
Customer Rating:
Summary: An Indictment for Applications Development
Comment: Many transformations begin with an indictment. Two notable examples are Martin Luther's "95 Theses" criticizing the Catholic Church, which began the Reformation, and Ralph Nader's denunciation of the auto industry with "Unsafe at Any Speed." An indictment of the software industry and its indifference to writing secure software hasbeen published in "Building Secure Software: How to Avoid Security Problems the Right Way" by John Viega and Gary McGraw.Twenty years into the client-server revolution, and a decade into the Internet revolution, it's a measure of inadequacy of secure coding that only now are the first books being written on how to secure software -- the very foundation of information systems. Software developers who code without taking security into consideration are potentially as dangerous as a physician prescribing a drug without knowing its side effects. As a society, we should tolerate neither. While security products such as firewalls, encryption devices, event monitoring and intrusion-detection systems are needed to secure networks; it must not be forgotten that behind every security problem is a common enemy -- insecurely written software. Building secure software is not rocket science. Writing secure code doesn't mean turning every developer into a world-class cryptographer. It simply means training them in the fundamentals of how software works, including security. If corporate end users can betrained not to send inappropriate (sexist, racist, confidential, etc.) e-mail via corporate servers, then software developers can certainly be trained to write secure software programs. The revolution needed in software development is to integrate security into software engineering. The current approach in software is to patch problems after they occur. In fact, 2003 saw the rise of many patch management companies; a sector that only came to be recently. Endless patching is a downward spiral that only serves to treat the symptoms, not the true problem, and only in a reactive manner. Had those same programmers been trained in writing secure code, much of the problems would have been obviated and billions of dollars saved in the interim. It's all the rage to send development offshore in the name of saving money. If companies understood how much more money could be saved by building secure software from the get-go, rather than bolting security on as an afterthought; wouldn't they do the same? It's frightening to think that in just a matter of years, everything but the food we eat will have an IP address attached to it. When the time comes that your family vacation commences with a flight on a pilot-less airplane, here's hoping the developers of the navigation and control systems knew the rudiments of writing secure software.
Customer Rating: 
Summary: essential reading
Comment: This subject of this book isn't written about often enough. Where are the vulnerabilites? Think about that question... They are in the software! This is an area of security that is not adressed often enough. I consider this book essential reading for anyone in the IT security arena. This is the first book of its kind.
The first 6 chapters can be read and understood by programmers and managment alike. The first 6 chapters should be required reading for any security professional or manager. They discuss software engineering and how vulnerabilities creep into the software.
The remainder of the book is geared towards secure coding technques. The techniques discussed can be applied to any language and many are discussed. Much is geared towards C however. There are sections on inherently vulnerable functions and input validation. Also of interest are sections on the implementation of PRNG and crypto.
All of the helpful code samples are available at the book's web site. This 2-year old text will be relevant for years to come. It will be a security classic. It's enjoyable to read overall, but I found it a bit dry in a couple of spots. I really rates about 4 and a half stars. I read it cover to cover and enjoyed it. Unlike many modern security books, I've found this one incredibly useful as a reference since reading it.
Customer Rating:
Summary: Dont code until you read this book
Comment: I thought I was good at coding, but didn't realize how much security breaches can be done until I read this book.From messy Java issues to buffer overflows; this book covers it. Don't code until you read this book!
Customer Rating:
Summary: My current choice for text in computer security
Comment: Even IT professionals are not completely aware of how much our society relies on the effective use of computers. For if they did, security issues would always be foremost in our minds. Nearly all of us lock the doors to our houses when we leave and yet there are problems with computers that are equivalent to leaving the door open and posting a large sign as to where the valuables are located. I am just as guilty as most others in this area, but the heavy object has finally hit me over the head, so I am now deeply involved in learning all aspects of computer security.
One of the best books that I have found that explains details rather than fluffy generalities is this one. In looking through books, there were so many that used the soapbox approach, proclaiming long and loud about the need for security, but never reaching the level of the designer in showing the specific ways in which security features can be implemented. This book does that. The specific code examples illustrating many of the security features show quite clearly how it is possible to include security in the basic structure of your programs.
There are those who complain that publishing details of security flaws gives people information that will allow them to become an effective black hat hacker. This is an argument that is ridiculous. A malicious user is someone with a specific state of mind, and a bit of information does not make one a criminal, just makes it slightly easier for them to engage in their criminal acts. Any law enforcement officer will tell you that to prevent crime you have to learn the many ways crimes are committed. The authors of this book show you how the black hats do their cracking.
As a consequence of reading this book, I was motivated to create a series of security lessons and write a proposal for a class in computer security for the next academic year. That class recently received overwhelming departmental approval and right now, this is the text that I will use.
|
|
