
Building Secure Software review

Verdict

Practical, low-level, hands-on advice for the career developer looking to avoid costly security gaffes. Lots of specific code examples, but let down by its overt Unix bias.

Review Date: 3 Jul 2002

Reviewed By: Davey Winder

Price when reviewed:

Overall Rating
4 stars out of 6

Given the number of times we have to download and install YAP (yet another patch) for a security problem relating to, by way of just one example, buffer overflow issues, perhaps someone should buy a copy of Building Secure Software for the Microsoft campus library in Redmond, Washington.
Sticking with this example, it highlights how simple it is to let an easily preventable bug crawl out into even the biggest of software projects. If it can happen in the likes of XP and Internet Explorer, with their astronomical development budgets and myriad programming staff, then spare a thought for how difficult bringing bug-free applications to market can be for the smaller enterprise.
This is where this book comes in. Part of the Addison-Wesley Professional Computing Series and authored by two acknowledged experts in the field, its core advice is simple and seemingly forgotten by all too many developers today: get the design foundations right and you have a much better chance that the end product won't collapse around you at a later date. In other words, this book teaches you how to take a proactive approach to computer security from the bottom up.
The book follows a logical progression, from an introductory overview that takes the reader from widespread security failures through ongoing technical trends to the essential development goals of multilevel security. From here, we move on to software risk management before hitting the heavy stuff and discovering the right languages for the job in hand, including an excellent look at authentication technologies. The eternal conundrum of open versus closed source (or the security-by-obscurity debate, if you prefer) is quickly summed up, along with a 'top 10' of guiding principles for software security.
One of the few areas of criticism that might be made is a distinct favouring of Unix as the platform of choice, but this bias is perhaps understandable, considering the book's purpose. Still, those of a technical bent won't be disappointed, as this tome is aimed squarely at them. You'll find coverage of those buffer overflows (in a dedicated 50-page chapter), race conditions, applied cryptography, client-side issues, firewall strategies and code obfuscation.




PCPro-Computing in the Real World Printed from www.pcpro.co.uk
