Designing Secure Software: A Guide for Developers (Paperback)
Tentative Chinese title: 設計安全軟體:開發者指南 (paperback)
Kohnfelder, Loren
- Publisher: No Starch Press
- Publication date: 2021-12-21
- List price: $1,800
- Sale price: 20% off, $1,440
- Language: English
- Pages: 312
- Binding: Quality Paper (also called trade paper)
- ISBN: 1718501927
- ISBN-13: 9781718501928
Related categories:
Information Security
Related translations:
軟件開發安全之道概念、設計與實施 (Simplified Chinese edition)
Ships immediately (stock < 4)
Customers who bought this also bought (list price / sale price):
- 大話設計模式 (Design Patterns in Plain Words): $620 / $490
- 深入淺出 Linux TCP/IP 協定核心 (Linux TCP/IP Protocol Internals Made Simple): $520 / $442
- 領域驅動設計 (Domain-Driven Design: Tackling Complexity in the Heart of Software): $680 / $530
- 重構, 2/e (Refactoring: Improving the Design of Existing Code, 2/e, Traditional Chinese paperback): $800 / $632
- Hands-On Deep Learning for Finance: $1,640 / $1,558
- Algorithmic Trading with Python: Quantitative Methods and Strategy Development: $1,260 / $1,197
- Web 安全漏洞原理及實戰 (Web Security Vulnerabilities: Principles and Practice): $301
- 神之手:動畫大神 加加美高浩的繪手神技 (Hand of God: the hand-drawing techniques of animator Takahiro Kagami): $550 / $495
- 零信任網路 (Zero Trust Networks: Building Secure Systems in Untrusted Networks): $480 / $379
- Scrum 實踐者應該知道的 97件事 (97 Things Every Scrum Practitioner Should Know): $450 / $356
- 重新認識 Vue.js (Rediscovering Vue.js: a Vue.js 3 guide): $600 / $468
- 使用 AWS 在雲端建置 Linux 伺服器的 20堂課 (20 Lessons on Building Linux Servers in the Cloud with AWS): $500 / $375
- Windows APT Warfare:惡意程式前線戰術指南 (Windows APT Warfare: A Frontline Tactical Guide to Malware): $600 / $468
- 詳解 FPGA:人工智能時代的驅動引擎 (FPGA in Depth: The Engine Driving the AI Era): $354
- 深入淺出設計模式, 2/e (Head First Design Patterns: Building Extensible and Maintainable Object-Oriented Software, 2/e): $980 / $774
- Ethical Hacking: A Hands-On Introduction to Breaking In (Paperback): $1,780 / $1,691
- 黑帽 Python, 2/e (Black Hat Python: Python Programming for Hackers and Pentesters, 2/e): $450 / $356
- 測試架構師修煉之道, 2/e (The Path to Test Architect: From Test Engineer to Test Architect, 2/e): $654 / $621
- 複雜架構極簡化 (Simplifying Complex Architecture: Domain-Driven Design for 10x Development Speed): $1,000 / $790
- Hacking APIs: Breaking Web Application Programming Interfaces (Paperback): $1,845
- Linux 網路內功修煉 (Linux Networking Internals: Low-Level Principles and High-Performance Architecture): $780 / $663
- 演算法生存指南 (Algorithm Survival Guide; damaged copy, in-store sale only): $800 / $632
- OAuth 2.0 從入門到實戰 (OAuth 2.0 from Basics to Practice: Securing APIs with Authentication and Authorization): $600 / $468
- 駭客就在你旁邊, 2/e (The Hacker Next to You: Internal Network Attack and Defense, 2/e): $880 / $695
- ChatGPT 開發手冊 (ChatGPT Developer's Handbook: Building Plugins, LINE/Discord Bots, Stock Analysis and Customer-Service Assistants with the OpenAI API, LangChain and Embeddings): $750 / $593
Product description
What every software professional should know about security.
Designing Secure Software consolidates Loren Kohnfelder's more than twenty years of experience into a concise, elegant guide to improving the security of technology products. Written for a wide range of software professionals, it emphasizes building security into software design early and involving the entire team in the process.
The book begins with a discussion of core concepts like trust, threats, mitigation, secure design patterns, and cryptography. The second part, perhaps this book's most distinctive and important contribution to the field, covers the process of designing and reviewing a software design with security considerations in mind. The final section details the most common coding flaws that create vulnerabilities, making copious use of code snippets written in C and Python to illustrate implementation vulnerabilities.
You'll learn how to:
- Identify important assets, the attack surface, and the trust boundaries in a system
- Evaluate the effectiveness of various threat mitigation candidates
- Work with well-known secure coding patterns and libraries
- Understand and prevent vulnerabilities like XSS and CSRF, memory flaws, and more
- Use security testing to proactively identify vulnerabilities introduced into code
- Review a software design for security flaws effectively and without judgment
Over a career spanning decades at Microsoft and Google, Kohnfelder introduced numerous software security initiatives, including the co-creation of the STRIDE threat modeling framework used widely today. This book is a modern, pragmatic consolidation of his best practices, insights, and ideas about the future of software.
About the author
Loren Kohnfelder has over 20 years of experience working in the security industry for companies like Microsoft and Google. At Microsoft, he was a key contributor to the industry's first formalized proactive security process methodology and program-managed the .NET platform security effort; he was also a key contributor to the first organized approach to security by any major software platform company. At Google he worked as a software engineer on the Security team and as a founding member of the Privacy team, performing numerous security design reviews of large-scale, complex, real-world commercial platforms and systems while working on various projects as a developer. Now retired, Kohnfelder shares his unique industry experience through this book.