The Virtual Bookcase for browsing and sharing reviews of books. New to this site? Read the welcome page first.


Book details of 'Secure Coding: Principles and Practices'

Title: Secure Coding: Principles and Practices
Author(s): Mark G. Graff, Kenneth R. Van Wyk
ISBN: 0596002424
Language: English
Published: July 2003
Publisher: O'Reilly & Associates
The Virtual Bookcase Reviews of 'Secure Coding: Principles and Practices':

Reviewer Rob Slade wrote:
Recent events have demonstrated that we are badly in need of guidance in the matter of the construction of secure software (or the safe fabrication of code). This book covers a topic that is very necessary. Unfortunately, the work is insufficient to the task.

Chapter one provides us with the all-too-common information that attacks happen, and that there are bugs in software, but at least the writing style is thought-provoking. At times the material is also bemusing, as in the beginning of chapter two, which proposes that code be "just secure enough"--even though the end of the previous chapter pointed out that premise as one of the problems of software quality. We are given thirty principles of secure architecture (the first one of which has at least seventeen sub-points), and while all of them are good, they are both too many to serve as a convenient guide, and still not exhaustive of the possible problems. (Number thirty tacitly admits this, asking "what did I forget?")

There are some examples that provide a limited amount of practical advice on design, in chapter three, but much of the content is abstract and vague. It is hard to find a structure or thread through the material, which seems to be a miscellaneous collection of security topics such as risk management.

Chapter four dispenses good suggestions about implementation, but the text hardly constitutes any kind of failsafe process for building software. Operations, in chapter five, seems to be basically a review of all aspects of security. Chapter six starts out by bemoaning the fact that so much of testing is done on an ad hoc basis, without structure and process. This is quite ironic, in view of the fact that the book can fairly be described as ad hoc, too.

While the advice given in the text is useful and good, it is also generally well-known, and often unsupported by material in regard to how the recommended outcomes might be accomplished.

This is certainly a rallying cry for what we need to do, but doesn't necessarily move us closer to actually doing it.

copyright Robert M. Slade, 2003

Book description:

Despite their myriad manifestations and different targets, nearly all attacks on computer systems have one fundamental cause: the code used to run far too many systems today is not secure. Flaws in its design, implementation, testing, and operations allow attackers all-too-easy access. Secure Coding, by Mark G. Graff and Ken van Wyk, looks at the problem of bad code in a new way. Packed with advice based on the authors' decades of experience in the computer security field, this concise and highly readable book explains why so much code today is filled with vulnerabilities, and tells readers what they must do to avoid writing code that can be exploited by attackers. Beyond the technical, Secure Coding sheds new light on the economic, psychological, and sheer practical reasons why security vulnerabilities are so ubiquitous today. It presents a new way of thinking about these vulnerabilities and ways that developers can compensate for the factors that have produced such unsecured software in the past. It issues a challenge to all those concerned about computer security to finally make a commitment to building code the right way.

The Virtual Bookcase is created and maintained by Koos van den Hout. Contact e-mail webmaster@virtualbookcase.com.
Copyright © 2000-2008 Koos van den Hout / The Virtual Bookcase Copyright and privacy statement