Book excerpts

Selections from the book Designing Secure Software: A Guide for Developers by Loren Kohnfelder, Copyright 2022, No Starch Press

• Preface

• Introduction

• Classic security principles: C-I-A and the Gold Standard (Ch. 1)

• Information privacy basics (Ch. 1)

• Threats and security mindset (Ch. 2)

  • Categorizing Threats with STRIDE

• Security patterns (Ch. 4)

  • Design Attributes: Economy of Design, Transparent Design
  • Exposure Minimization: Least Privilege, Least Information, Secure by Default, Allowlists over Blocklists, Avoid Predictability, Fail Securely
  • Strong Enforcement: Complete Mediation, Least Common Mechanism
  • Redundancy: Defense in Depth, Separation of Privilege
  • Trust and Responsibility: Reluctance to Trust, Accept Security Responsibility
  • Anti-Patterns: Confused Deputy, Backflow of Trust, Third-Party Hooks, Unpatchable Components

• Security Design Review: Overview and six step process (Ch. 7)

• Untrusted Input selections (Ch. 10)

  • Injection Attacks
  • Path Traversal

• Security Testing: Security tests and security regression tests (Ch. 12)