[ISN] REVIEW: "Building Secure Software", John Viega/Gary McGraw

From: InfoSec News (isnat_private)
Date: Thu Jan 16 2003 - 22:37:16 PST

    Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rsladeat_private>
    BKBUSCSW.RVW   20021124
    "Building Secure Software", John Viega/Gary McGraw, 2002,
    0-201-72152-X, U$54.99/C$82.50
    %A   John Viega www.buildingsecuresoftware.com
    %A   Gary McGraw www.buildingsecuresoftware.com
    %C   P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario  M3C 2T8
    %D   2002
    %G   0-201-72152-X
    %I   Addison-Wesley Publishing Co.
    %O   U$54.99/C$82.50 416-447-5101 fax: 416-443-0948
    %O  http://www.amazon.com/exec/obidos/ASIN/020172152X/robsladesinterne
    %P   493 p.
    %T   "Building Secure Software: How to Avoid Security Problems the
          Right Way"

    The "right way" of the subtitle is, of course, designing and building
    a product correctly the first time.  The preface states that the book
    is concerned with broad principles of systems development, and so does
    not cover specialized topics such as code authentication and
    sandboxing.  It also points out that software vendors are effectively
    exempt from liability, and so have no reason to produce secure or
    reliable software.

    Chapter one is an introduction to software security, with an overview
    of related topics and considerations.  Managing software security
    risks, in chapter two, looks at good practices in the system
    development life cycle, the position of the security engineer in
    development, and standards.  The authors point out problems in common
    security "solutions," mostly dealing with authentication, in chapter
    three.  The common myths about the security of open and closed source
    systems are examined in chapter four.  Instead of a checklist of
    thousands of security items (that likely won't be of much use anyway),
    chapter five presents ten guiding principles which will probably catch
    most problems.  The list is not a panacea: the first principle is to
    secure the weakest link, and it takes lots of forethought to design
    for this type of factor in advance.  Auditing software, in chapter
    six, is more about security assessments being conducted at various
    stages in the process, for example, using attack trees at the design

    The preface states that the book is divided into two parts, conceptual
    and implementation, and, although there is no formal division, this is
    probably the beginning of part two.  Chapter seven looks at buffer
    overflows, always and still the most common software security problem.
    This book, it must be assumed, is written primarily for a programming
    audience, and yet the first part has presented concepts very clearly
    without necessarily getting into code examples.  At this point,
    however, the material is definitely written for advanced C (and
    specifically UNIX) programmers, and the basic concepts are sometimes
    hidden in the details.  Access control, primarily in UNIX systems,
    although with some mention of special capabilities in Windows NT, is
    the topic of chapter eight.  Chapter nine deals with race conditions,
    including the familiar "time of check versus time of use" problem,
    although most of the material is limited to file access concerns.
    There is an excellent and thorough discussion of pseudo random number
    generation in chapter ten.  Applying cryptography, in chapter eleven,
    stresses the fact that you shouldn't "roll your own," helps out by
    reviewing publicly available cryptographic code libraries, and even
    examines the drawbacks of one-time pads.  Managing trust and input
    validation, in chapter twelve, emphasizes input concerns to the point
    that an important element is possibly buried: in the modern
    environment, you not only have to trust the goodwill of an entity, but
    also its ability to defend itself, so as not to become part of an
    attack against you.  Password authentication, in chapter thirteen,
    promotes randomly chosen passwords.  Given a work directed at
    programming I suppose this is understandable, but recent research has
    shown that "well chosen" passwords are as easy to remember as naive,
    and as secure as random.  Chapter fourteen is an overview of the basic
    aspects of database security, although it only touches on the more
    advanced topics of this specialized field.  Client-side security
    concentrates on copy protection and other anti-piracy measures in
    chapter fifteen.  Some means of establishing a connection through a
    firewall are examined in chapter sixteen.

    While I can understand and sympathize with the desire to give examples
    of specific code in dealing with implementation details, there are a
    number of major concepts covered in the latter part of the book which
    would have been more accessible to non-programmers had they been dealt
    with as tutorially as in the first part.  Still, the book has a great
    deal to teach programmers about security and reliability, and security
    professionals about the requirements of the development process.

    copyright Robert M. Slade, 2002   BKBUSCSW.RVW   20021124
    Find book info victoria.tc.ca/techrev/ or sun.soci.niu.edu/~rslade/