Book cover art

Designing Secure Software consolidates more than twenty years of experience into a concise, elegant guide to improving the security of technology products. Written for a wide range of software professionals, it emphasizes building security into software design early and involving the entire team in the process.

The book begins with a discussion of core concepts, covering trust, threats, mitigation, secure design patterns, and cryptography. The second part, perhaps this book’s most unique and important contribution to the field, covers the process of designing and reviewing a software design with security considerations in mind. The final section details the most common coding flaws that create vulnerabilities, making copious use of code snippets written in C and Python to illustrate implementation vulnerabilities.

You’ll learn how to:

  • Identify important assets, the attack surface, and the trust boundaries in a system
  • Evaluate the effectiveness of various threat mitigation candidates
  • Work with well-known mitigations and secure design patterns
  • Understand and prevent vulnerabilities like XSS and CSRF, memory flaws, and more
  • Use security testing to proactively identify vulnerabilities introduced into code
  • Review a software design for security flaws effectively and without judgment

“The writing in this book is very clear and easy reading, and the examples used are both captivating and easy to understand. Kohnfelder does a great job of making a point that is easy to understand, and most of the chapters could stand alone for developers just working in that one particular area.” (read the full review)


Trusting AI

Whenever considering applications that rely on generative AI, I believe we always need to ask if we can trust it. And given the technology’s track record it’s hard to imagine how we are going to honestly be able to say “100%” any time soon. That’s why, for the time being, I think the following guideline will be very important.

[Read More]

Better security discussions

I’ve been a fan of threat modeling for many years, but only recently seeing that it isn’t just behind-the-scenes work for software professionals to do. Threats and mitigations need to be part of any discussion about security. That is, news articles that urgently warn of the latest zero-day or when privacy advocates decry the latest outrage from the big platforms, to frame a good discussion requires outlining the threat model you are talking about.

[Read More]

Japanese translation is on sale

8月18日、新刊『セキュアなソフトウェアの設計と開発』を発刊

The Japanese translation of my book goes on sale this week. This is particularly rewarding for me because I lived and worked there for about ten years and speak the language well enough to read the text (but nowhere near ability write at a publishable level of quality). I’m quoted in the press release, wrote a special preface (English version), and there’s an interview with the translators in the book (all in Japanese, obviously).

[Read More]

On the Signature Reblocking Problem in Public Key Cryptosystems

In Chapter 5 of the book I write about my good fortunate meeting two of the RSA algorithm inventors at MIT, and collaborating with them. As soon as I had a chance to ready their (as yet unpublished) paper, the “reblocking problem” bothered me as a rather awkward implementation detail. This refers to a technical issue described in Section X (Avoiding “Reblocking” When Encrypting A Signed Message) of the foundational RSA paper that is described in a nutshell in the first sentence.

[Read More]

Bard likes my book

I was surprised that Bard has read my book, or at least claims to have. Here’s our conversation about it, word for word: it’s a good overview.

[Read More]
promo 

Polish translation is on sale

Wspaniale jest widzieć, że ukazało się polskie tłumaczenie mojej książki o bezpieczeństwie oprogramowania. (It’s great to see that the Polish translation of my book on software security is out. )

[Read More]