BKBUSCSW.RVW 20021124

"Building Secure Software", John Viega/Gary McGraw, 2002, 0-201-72152-X, U$54.99/C$82.50
%A John Viega www.buildingsecuresoftware.com
%A Gary McGraw www.buildingsecuresoftware.com
%C P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8
%D 2002
%G 0-201-72152-X
%I Addison-Wesley Publishing Co.
%O U$54.99/C$82.50 416-447-5101 fax: 416-443-0948
%O http://www.amazon.com/exec/obidos/ASIN/020172152X/robsladesinterne
%P 493 p.
%T "Building Secure Software: How to Avoid Security Problems the Right Way"

The "right way" of the subtitle is, of course, designing and building a product correctly the first time. The preface states that the book is concerned with broad principles of systems development, and so does not cover specialized topics such as code authentication and sandboxing. It also points out that software vendors are effectively exempt from liability, and so have no reason to produce secure or reliable software.

Chapter one is an introduction to software security, with an overview of related topics and considerations. Managing software security risks, in chapter two, looks at good practices in the system development life cycle, the position of the security engineer in development, and standards. The authors point out problems in common security "solutions," mostly dealing with authentication, in chapter three. The common myths about the security of open and closed source systems are examined in chapter four. Instead of a checklist of thousands of security items (that likely won't be of much use anyway), chapter five presents ten guiding principles which will probably catch most problems. The list is not a panacea: the first principle is to secure the weakest link, and it takes lots of forethought to design for this type of factor in advance. Auditing software, in chapter six, is more about security assessments being conducted at various stages in the process, for example, using attack trees at the design stage.
The preface states that the book is divided into two parts, conceptual and implementation, and, although there is no formal division, this is probably the beginning of part two. Chapter seven looks at buffer overflows, always and still the most common software security problem. This book, it must be assumed, is written primarily for a programming audience, and yet the first part has presented concepts very clearly without necessarily getting into code examples. At this point, however, the material is definitely written for advanced C (and specifically UNIX) programmers, and the basic concepts are sometimes hidden in the details. Access control, primarily in UNIX systems, although with some mention of special capabilities in Windows NT, is the topic of chapter eight. Chapter nine deals with race conditions, including the familiar "time of check versus time of use" problem, although most of the material is limited to file access concerns. There is an excellent and thorough discussion of pseudo-random number generation in chapter ten. Applying cryptography, in chapter eleven, stresses the fact that you shouldn't "roll your own," helps out by reviewing publicly available cryptographic code libraries, and even examines the drawbacks of one-time pads. Managing trust and input validation, in chapter twelve, emphasizes input concerns to the point that an important element is possibly buried: in the modern environment, you not only have to trust the goodwill of an entity, but also its ability to defend itself, so as not to become part of an attack against you. Password authentication, in chapter thirteen, promotes randomly chosen passwords. Given a work directed at programming, I suppose this is understandable, but recent research has shown that "well chosen" passwords are as easy to remember as naive, and as secure as random.
Chapter fourteen is an overview of the basic aspects of database security, although it only touches on the more advanced topics of this specialized field. Client-side security concentrates on copy protection and other anti-piracy measures in chapter fifteen. Some means of establishing a connection through a firewall are examined in chapter sixteen.

While I can understand and sympathize with the desire to give examples of specific code in dealing with implementation details, there are a number of major concepts covered in the latter part of the book which would have been more accessible to non-programmers had they been dealt with as tutorially as in the first part. Still, the book has a great deal to teach programmers about security and reliability, and security professionals about the requirements of the development process.

copyright Robert M. Slade, 2002