Synopses & Reviews
Security is an area of increasing and grave concern to programmers. Security attacks abound, and all too often the way in for the perpetrators is through a hole left by an unwary programmer. For example, there is the case of some forty million credit card numbers having been exposed to hackers by a company then known as CardSystems, and hundreds of thousands of them stolen. Forty million people suddenly had their credit and finances put at risk. How were those numbers exposed? They were taken in what is called a SQL injection attack, one made possible by a likely anonymous programmer many levels down in the CardSystems hierarchy who simply was unaware of the ultimate danger inherent in the code that he was writing. CardSystems suffered greatly from the publicity surrounding the successful attack, and no longer exists today as an independent company.
It was recently made public that the CardSystems data breach which exposed 40 million credit cards in 2005 (arguably the worst cyberattack of all time, to date, and also investigated by Congress and the FTC) was due to SQL injection and weak passwords.
For background, see http: //www.webappsec.org/projects/whid/list_id_2004-17.shtml
Also, see clause 6 of the FTC commission report:
http: //www.ftc.gov/os/caselist/0523148/0523148complaint.pdf
Fallout from the security breach, http: //www.strategy-business.com/press/sbkw2/sbkwarticle/sbkw051130)
Software developers today need to worry about security as never before. They need clear guidance on safe coding practices, and thata (TM)s exactly what Fundamentals of Security: What Ever Programmer Needs to Know delivers. This isna (TM)t a book that goes deep into theory, or that rants on about the politics of security. This is a book that clearly and simply lays out the most common threats that programmers need to defend against. And then the book shows programmers how to make their defense. The book takes a broad focus, ranging over SQL injection, worms and buffer overflows, password security, and more. The book is written to appeal to all programmers, not just those using a particular language. It introduces programmers to the entire gamut of security threats that they might face, and sets those programmers on the path towards successfully defending against those threats.
Synopsis
Revealing how weak passwords and SQL injection can lead to potentially devastating security breaches, a comprehensive overview of computer security for programmers describes the most common threats against which programmers need to defend a system, as well as the effective measures to evaluate and protect a system from password security breaks, worms and buffer overflows, SQL injections, and other dangers. Original. (All Users)
Synopsis
Foundations of Security: What Every Programmer Needs to Know teaches new and current software professionals state-of-the-art software security design principles, methodology, and concrete programming techniques they need to build secure software systems. Once you're enabled with the techniques covered in this book, you can start to alleviate some of the inherent vulnerabilities that make today's software so susceptible to attack. The book uses web servers and web applications as running examples throughout the book.
For the past few years, the Internet has had a wild, wild west flavor to it. Credit card numbers are stolen in massive numbers. Commercial web sites have been shut down by Internet worms. Poor privacy practices come to light and cause great embarrassment to the corporations behind them. All these security-related issues contribute at least to a lack of trust and loss of goodwill. Often there is a monetary cost as well, as companies scramble to clean up the mess when they get spotlighted by poor security practices.
It takes time to build trust with users, and trust is hard to win back. Security vulnerabilities get in the way of that trust. Foundations of Security: What Every Programmer Needs To Know helps you manage risk due to insecure code and build trust with users by showing how to write code to prevent, detect, and contain attacks.The lead author co-founded the Stanford Center for Professional Development Computer Security Certification. This book teaches you how to be more vigilant and develop a sixth sense for identifying and eliminating potential security vulnerabilities. You'll receive hands-on code examples for a deep and practical understanding of security. You'll learn enough about security to get the job done. Table of Contents Security Goals Secure Systems Design Secure Design Principles Exercises for Part 1 Worms and Other Malware Buffer Overflows Client-State Manipulation SQL Injection Password Security Cross-Domain Security in Web Applications Exercises for Part 2 Symmetric Key Cryptography Asymmetric Key Cryptography Key Management and Exchange MACs and Signatures Exercises for Part 3
Synopsis
Security is an area of increasing and grave concern to programmers. Software developers today need to worry about security as never before. They need clear guidance on safe coding practices, and that's exactly what this book delivers. This is not a book that goes deep into theory, or that rants on about the politics of security. Instead, it clearly and simply lays out the most common threats that programmers need to defend against. The book then shows programmers how to make their defense. The book takes a broad focus, ranging over SQL injection, worms and buffer overflows, password security, and more. The lead author is behind the Stanford Center for Professional Development Computer Security Certification. The book is written to appeal to all programmers, not just those using a particular language. It introduces programmers to the entire gamut of security threats that they might face, and sets those programmers on the path towards successfully defending against those threats.