Structure of This Book

This book consists of six chapters.

The organization of this book closely follows a typical[2] software development process or methodology known as the waterfall development methodology or Systems Development Lifecycle Model (SDLC).

[2] While numerous software development methodologies exist, we have chosen to follow the waterfall model because it is commonly found in practice. The organization scheme we've followed in this book could be adapted to most other development methodologies with minimal effort.

Chapter 1 discusses the "catch and patch" cycle of security bugs, introduces some attack types and potential defenses against them, and talks about the technical, psychological, and real-world factors (such as market forces) that stack the odds against secure application development. It also suggests some ways that society, our governments, and we as individuals can help make the Internet more secure.

Chapter 2 focuses on the architectural stage of development. It shows how to apply accepted security principles (for example, least privilege) to limit even the impact of successful attempts to subvert software.

Chapter 3 discusses principles of secure design. We emphasize the need to decide at design time how the program will behave when confronted with fatally flawed input data, and offer alternatives to "choke and die" (for example, graceful degradation). We also discuss ...
