Writing Secure Code by Michael Howard and David LeBlanc

Many books that cover building secure applications outline only one part of the solution: the code. This book aims to be different by covering design, coding, testing, and documentation. All of these aspects are important for delivering secure systems, and it’s imperative that you adopt a disciplined process that incorporates these aspects. Simply adding some “good ideas” or a handful of “best practices” and checklists to a poor development process will result in only marginally more secure products. In this chapter, I’ll describe in a general way some methods for improving the security focus of the development process. I’ll then spend a good amount of time on educational issues because education ...