It’s time to point the domain name designingsecuresoftware.com
at this website. For reference, the docs I referenced for this are noted below.
Designing Secure Software consolidates more than twenty years of experience into a concise, elegant guide to improving the security of technology products. Written for a wide range of software professionals, it emphasizes building security into software design early and involving the entire team in the process.
The book begins with a discussion of core concepts, covering trust, threats, mitigation, secure design patterns, and cryptography. The second part, perhaps this book’s most unique and important contribution to the field, covers the process of designing and reviewing a software design with security considerations in mind. The final section details the most common coding flaws that create vulnerabilities, making copious use of code snippets written in C and Python to illustrate implementation vulnerabilities.
You’ll learn how to:
- Identify important assets, the attack surface, and the trust boundaries in a system
- Evaluate the effectiveness of various threat mitigation candidates
- Work with well-known mitigations and secure design patterns
- Understand and prevent vulnerabilities like XSS and CSRF, memory flaws, and more
- Use security testing to proactively identify vulnerabilities introduced into code
- Review a software design for security flaws effectively and without judgment
“The writing in this book is very clear and easy reading, and the examples used are both captivating and easy to understand. Kohnfelder does a great job of making a point that is easy to understand, and most of the chapters could stand alone for developers just working in that one particular area.” (read the full review)
Index review
The penultimate review for the book is the index, and I just hit Save on it. Creating the index was a surprisingly interesting as well as challenging part of writing the book, and I’m very glad to have tackled it myself. Having taken book indexes for granted myself, I have a new appreciation.
[Read More]Sales categories adjustment
When the book appeared in the Amazon marketplace I set up an author’s page and claimed the title. I expected some sort of verification, but they just granted me the book I asked for. This allows me to publish my bio and also see reports on sales ranking and so forth.
[Read More]Updating Hugo
Hugo has worked well for me building this static website overall. However, it remains generally somewhat mysterious and there have been some bumps.
[Read More]Publication date set
This Monday morning I started the week by discovering that a publication date is set for the book: October 19, 2021.
[Read More]Cover design
Once the title was chosen by the publisher (in consultation, of course) the cover design becomes the next topic of discussion. Cover design is up to the publisher, and I’m quite happy with that having zero experience. My input was that I personally prefer the dark background style of their security book series, while being open to anything the publisher might propose.
[Read More]Layout design for Appendix A
Writing about software design is difficult because there is little to no standard methodology or practice – everyone does it differently. So there is a challenge as to how to show secure software design.
[Read More]