Building Secure Software: How to Avoid Security Problems the Right Way (Paperback)

John Viega, Gary McGraw

買這商品的人也買了...

商品描述

Most organizations have a firewall, antivirus software, and intrusion detection systems, all of which are intended to keep attackers out. So why is computer security a bigger problem today than ever before? The answer is simple--bad software lies at the heart of all computer security problems. Traditional solutions simply treat the symptoms, not the problem, and usually do so in a reactive way. This book teaches you how to take a proactive approach to computer security.

Building Secure Software cuts to the heart of computer security to help you get security right the first time. If you are serious about computer security, you need to read this book, which includes essential lessons for both security professionals who have come to realize that software is the problem, and software developers who intend to make their code behave. Written for anyone involved in software development and use—from managers to coders—this book is your first step toward building more secure software. Building Secure Software provides expert perspectives and techniques to help you ensure the security of essential software. If you consider threats and vulnerabilities early in the devel-opment cycle you can build security into your system. With this book you will learn how to determine an acceptable level of risk, develop security tests, and plug security holes before software is even shipped.

Inside you'll find the ten guiding principles for software security, as well as detailed coverage of:

  • Software risk management for security
  • Selecting technologies to make your code more secure
  • Security implications of open source and proprietary software
  • How to audit software
  • The dreaded buffer overflow
  • Access control and password authentication
  • Random number generation
  • Applying cryptography
  • Trust management and input
  • Client-side security
  • Dealing with firewalls

Only by building secure software can you defend yourself against security breaches and gain the confidence that comes with knowing you won't have to play the "penetrate and patch" game anymore. Get it right the first time. Let these expert authors show you how to properly design your system; save time, money, and credibility; and preserve your customers' trust.

商品描述(中文翻譯)

大多數組織都擁有防火牆、防病毒軟體和入侵檢測系統,這些都是為了防止攻擊者入侵。那麼為什麼電腦安全問題比以往任何時候都更嚴重呢?答案很簡單 - 糟糕的軟體是所有電腦安全問題的根源。傳統解決方案只是治標不治本,通常是以被動的方式進行。本書教你如何主動應對電腦安全問題。

《建立安全軟體》直指電腦安全的核心,幫助你第一次就做對安全。如果你對電腦安全很重視,你需要閱讀這本書,其中包含了對於已經意識到軟體是問題的安全專業人士以及打算讓他們的程式碼正常運作的軟體開發人員來說都是必不可少的重要課程。本書針對從管理人員到程式設計師等所有參與軟體開發和使用的人,是你建立更安全軟體的第一步。《建立安全軟體》提供了專家觀點和技巧,幫助你確保關鍵軟體的安全性。如果你在開發週期的早期考慮到威脅和漏洞,你可以在系統中建立安全性。通過本書,你將學習如何確定可接受的風險水平,開發安全測試,並在軟體發佈之前修補安全漏洞。

在本書中,你將找到軟體安全的十個指導原則,以及詳細介紹以下內容:
- 軟體安全的風險管理
- 選擇使你的程式碼更安全的技術
- 開源和專有軟體的安全影響
- 如何審計軟體
- 令人擔憂的緩衝區溢位
- 存取控制和密碼驗證
- 隨機數生成
- 應用密碼學
- 信任管理和輸入
- 客戶端安全
- 處理防火牆

只有通過建立安全軟體,你才能防止安全漏洞並獲得信心,知道你不再需要玩“入侵和修補”的遊戲。第一次就做對。讓這些專家作者向你展示如何正確設計你的系統,節省時間、金錢和信譽,並保護你的客戶信任。