Designing Secure Software

What every software professional should know about security.Designing Secure Software consolidates Loren Kohnfelder s more than twenty years of experience into a concise, elegant guide to improving the security of technology products. Written for a wide range of software professionals, it emphasizes building security into software design early and involving the entire team in the process. The book begins with a discussion of core concepts like trust, threats, mitigation, secure design patterns, and cryptography. The second part, perhaps this book s most unique and important contribution to the field, covers the process of designing and reviewing a software design with security considerations in mind. The final section details the most common coding flaws that create vulnerabilities, making copious use of code snippets written in C and Python to illustrate implementation vulnerabilities. You ll learn how to:     Identify important assets, the attack surface, and the trust boundaries in a system     Evaluate the effectiveness of various threat mitigation candidates     Work with well-known secure coding patterns and libraries     Understand and prevent vulnerabilities like XSS and CSRF, memory flaws, and more     Use security testing to proactively identify vulnerabilities introduced into code     Review a software design for security flaws effectively and without judgment  Kohnfelder s career, spanning decades at Microsoft and Google, introduced numerous software security initiatives, including the co-creation of the STRIDE threat modeling framework used widely today. This book is a modern, pragmatic consolidation of his best practices, insights, and ideas about the future of software.