Copy edit is the last chance to make significant changes to the text. Most chapters involve plenty of sentence rewriting and a few moves of a paragraph, but much of the delta is punctuation and word choice.
[Read More]
Designing Secure Software consolidates more than twenty years of experience into a concise, elegant guide to improving the security of technology products. Written for a wide range of software professionals, it emphasizes building security into software design early and involving the entire team in the process.
The book begins with a discussion of core concepts, covering trust, threats, mitigation, secure design patterns, and cryptography. The second part, perhaps this book’s most unique and important contribution to the field, covers the process of designing and reviewing a software design with security considerations in mind. The final section details the most common coding flaws that create vulnerabilities, making copious use of code snippets written in C and Python to illustrate implementation vulnerabilities.
You’ll learn how to:
- Identify important assets, the attack surface, and the trust boundaries in a system
- Evaluate the effectiveness of various threat mitigation candidates
- Work with well-known mitigations and secure design patterns
- Understand and prevent vulnerabilities like XSS and CSRF, memory flaws, and more
- Use security testing to proactively identify vulnerabilities introduced into code
- Review a software design for security flaws effectively and without judgment
“The writing in this book is very clear and easy reading, and the examples used are both captivating and easy to understand. Kohnfelder does a great job of making a point that is easy to understand, and most of the chapters could stand alone for developers just working in that one particular area.” (read the full review)
Artwork ready for review
The artwork came back as a PDF with one drawing per page, labeled by filename. The first batch was pretty good, considering that Richard (I learned the artist’s name) must have had no idea what the symbols meant.
[Read More]Going live at kohnfelder.gitlab.io
This is the obligatory post that accompanies the skeleton first draft of the website.
Setting up Hugo at GitLab was easy:
fork Hugo from https://gitlab.com/pages/hugo, follow the simple instructions,
and start editing files in the content/ directory.
Copy edit begins
Copy edit phase starts this week with two chapters (Ch 1 and 4). The chapters that resulted from developmental editing have been converted to a new style regime, and are now ODT instead of DOCX format. Each chapter arrives with edits and comments from the copy editor.
[Read More]Artwork help needed
Perhaps it was due to poor grades in Art class back in my school days, but I quickly realized that the sketches I did for graphics in the book we not going to be up to par. Having never worked with a pro, I didn’t invest a lot of time as the drawings were not getting better it seemed, and when production began the publisher sent them to a pro to fix up.
[Read More]Custom shading to highlight substrings
The section of the book on SQL injection needs to illustrate how an attack string gets inserted into a text string representing a SQL statement with unexpected results. The standard way of highlighting a part of a string available was to use bold like this:
[Read More]