What do you think?
Rate this book
Writing Secure Code
The Barnes & Noble Review
Your code will be attacked. You need to assume it will run in the most hostile environments imaginable -- and design, code, and test accordingly. Writing Secure Code, Second Edition shows you how.
Your code will be attacked. You need to assume it will run in the most hostile environments imaginable -- and design, code, and test accordingly. Writing Secure Code, Second Edition shows you how.
This edition draws on the lessons learned and taught throughout Microsoft during the firm s massive 2002 Windows Security Push. It s a huge upgrade to the respected First Edition, with new coverage across the board.
Michael Howard and David LeBlanc first help you define what security means to your customers -- and implement a three-pronged strategy for securing design, defaults, and deployment. There s especially useful coverage of threat modeling -- decomposing your application, identifying threats, ranking them, and mitigating them.
Then, it s on to in-depth coverage of today s key security issues from the developer s standpoint. Everyone knows buffer overruns are bad: Here s a full chapter on avoiding them. You ll learn how to establish appropriate access controls and default to running with least privilege. There s detailed coverage of overcoming attacks on cryptography (for example, avoiding poor random numbers and bit-flipping attacks). You ll learn countermeasures for virtually every form of user input attack, from malicious database updates to cross-site scripting.
We ve just scratched the surface: There are authoritative techniques for securing sockets and RPC, protecting against DOS attacks, building safer .NET applications, reviewing and testing code, adding privacy features, and even writing high-quality security documentation. Following these techniques won t just improve security -- it ll dramatically improve robustness and reliability, too. Bill Camarda
Bill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks For Dummies®, Second Edition.
768 pages, Paperback
First published January 1, 2001
44 people are currently reading
1,088 people want to read
About the author
Michael Howard
17Ìýbooks8ÌýfollowersLibrarian Note: There is more than one author by this name in the Å·±¦ÓéÀÖ database.
software security expert from Microsoft
software security expert from Microsoft
Ratings & Reviews
Friends & Following
Create a free account to discover what your friends think of this book!
Community Reviews
Displaying 1 - 10 of 10 reviews
November 11, 2017
This book should be called "Writing Secure Code in Windows and C, in 2001."
In 2001, this was probably a fantastic book. But in 2017, I found that the material is dated and way too focused on problems that are specific to C and old versions of Windows. The book does teach some of the underlying security principles too, and those are as important today as ever, but the security practices and threats you have to take into account have evolved considerably since 2001, and the problems you face on other operating systems, programming languages, and application types are considerably different.
For example, the book spends a huge amount of time on various flavors of buffer overruns, and calls them "public enemy #1", but the reality is that buffer overruns are largely a non-issue in most modern languages, and they are only a serious vulnerability in old, low-level languages like C (honestly, using C in 2017 for anything security-sensitive is damn-near criminal negligence). The book also spends a ton of time talking about the Windows registry, Windows ACLs, and Windows APIs, whereas the vast majority of developers I know today are building either (a) server-side software that runs on Linux or (b) client-side software that runs in the browser, iOS, or Android, so best-practices for Windows app development seems totally irrelevant.
Worse yet, while the book touches a bit on server-side development, the advice there is very weak and dated. For example, the information on how to store passwords is woefully incomplete. There is no mention of Cross-Site Request Forgery (CSRF) attacks. There is no advice on regularly patching vulnerabilities in long-running servers. There is very little discussion on the dangers of eval, which is a massive source of vulnerabilities in all dynamic languages (another weakness of focusing too much on C). There is no discussion on the safety of various over-the-wire protocols and parsing. The recommended algorithms for encryption and hashing are dated, and some of them should no longer be used at all. In short, it's dangerous to rely on this book for your security advice in 2017. You're honestly better off starting with the OWASP top 10.
I'll also say that Windows does not exactly have a sterling record when it comes to security, especially in the 2001 era (remember that virus that could reboot your computer via RPC?), so I found it a bit odd to be reading a "security best practices" guide from Microsoft. And some of the advice was just downright useless: "the first line of defense is simply to write solid code." Gee, thanks. That's like saying "the way to avoid security vulnerabilities in your code is to write code without security vulnerabilities."
That said, there are a few gems here and there. The discussions on how to do threat modeling, how to create data flow diagrams (DFDs), and how to use STRIDE (Spoofing identity, Tampering with data, Repudiation, Information disclosure, Denial of service, Escalation of privilege) for threat analysis were pretty useful. I also enjoyed that the book contains a large number of real-world examples of vulnerabilities. New developers need to see as many of these as possible to realize that (a) your software WILL be attacked, (b) hackers are very creative, and (c) getting security right is incredibly hard. I also found the basic list of security practices to be quite handy:
- Learn from mistakes
- Minimize your attack surface
- Use defense in depth
- Use least privilege
- Employ secure defaults
- Remember that backward compatibility will always give you grief
- Assume external systems are insecure
- Plan on failure
- Fail to a secure mode
- Remember that security features != secure features
- Never depend on security through obscurity alone
- Don’t mix code and data
- Fix security issues correctly
In 2001, this was probably a fantastic book. But in 2017, I found that the material is dated and way too focused on problems that are specific to C and old versions of Windows. The book does teach some of the underlying security principles too, and those are as important today as ever, but the security practices and threats you have to take into account have evolved considerably since 2001, and the problems you face on other operating systems, programming languages, and application types are considerably different.
For example, the book spends a huge amount of time on various flavors of buffer overruns, and calls them "public enemy #1", but the reality is that buffer overruns are largely a non-issue in most modern languages, and they are only a serious vulnerability in old, low-level languages like C (honestly, using C in 2017 for anything security-sensitive is damn-near criminal negligence). The book also spends a ton of time talking about the Windows registry, Windows ACLs, and Windows APIs, whereas the vast majority of developers I know today are building either (a) server-side software that runs on Linux or (b) client-side software that runs in the browser, iOS, or Android, so best-practices for Windows app development seems totally irrelevant.
Worse yet, while the book touches a bit on server-side development, the advice there is very weak and dated. For example, the information on how to store passwords is woefully incomplete. There is no mention of Cross-Site Request Forgery (CSRF) attacks. There is no advice on regularly patching vulnerabilities in long-running servers. There is very little discussion on the dangers of eval, which is a massive source of vulnerabilities in all dynamic languages (another weakness of focusing too much on C). There is no discussion on the safety of various over-the-wire protocols and parsing. The recommended algorithms for encryption and hashing are dated, and some of them should no longer be used at all. In short, it's dangerous to rely on this book for your security advice in 2017. You're honestly better off starting with the OWASP top 10.
I'll also say that Windows does not exactly have a sterling record when it comes to security, especially in the 2001 era (remember that virus that could reboot your computer via RPC?), so I found it a bit odd to be reading a "security best practices" guide from Microsoft. And some of the advice was just downright useless: "the first line of defense is simply to write solid code." Gee, thanks. That's like saying "the way to avoid security vulnerabilities in your code is to write code without security vulnerabilities."
That said, there are a few gems here and there. The discussions on how to do threat modeling, how to create data flow diagrams (DFDs), and how to use STRIDE (Spoofing identity, Tampering with data, Repudiation, Information disclosure, Denial of service, Escalation of privilege) for threat analysis were pretty useful. I also enjoyed that the book contains a large number of real-world examples of vulnerabilities. New developers need to see as many of these as possible to realize that (a) your software WILL be attacked, (b) hackers are very creative, and (c) getting security right is incredibly hard. I also found the basic list of security practices to be quite handy:
- Learn from mistakes
- Minimize your attack surface
- Use defense in depth
- Use least privilege
- Employ secure defaults
- Remember that backward compatibility will always give you grief
- Assume external systems are insecure
- Plan on failure
- Fail to a secure mode
- Remember that security features != secure features
- Never depend on security through obscurity alone
- Don’t mix code and data
- Fix security issues correctly
March 16, 2018
Insightful especially if you weren't thinking about security for for like, well.. never. Otherwise, rather entry level and already quite dated coverage (on technical side), but still relevant whilst covering thread modelling, general practices etc. Time to look for something modern in the same domain.
September 7, 2018
It's a very good book and it has important tips for coding
July 30, 2017
An authoritative reference to addressing security needs. It is meant as a guide for software developers as opposed to security for system administrators. You will learn many of the tricks that hackers employ, how not to write code that they can exploit and also some of the common myths about code security. There is a lot about C/C++ code exploits, but there is much material for programmers in other languages and platforms. It is a very long book.
August 25, 2013
Regardless of the fact that much of the information and examples is only applicable to Windows programming, this book puts forward some very good ideas that should be part of the common sense of every programmer. I liked some chapters that presented information that was new to me like Threat Modeling.
June 5, 2012
The general advice within this book is sound. However, it spends quite a bit of time on specific ways to secure Windows applications running on XP and earlier versions of the OS. If you don't do that type of development, much of the advice in the book is no longer relevant.
November 20, 2012
Very useful information on general security best practices. A lot of Windows code examples that I found less interesting (primarily doing Mac development) but that's obviously the author's expertise so it makes sense for it to be there.
April 19, 2007
This book is a great starting place for learning about avoiding common programming mistakes that create security vulnerabilities.
January 1, 2013
This book is good for coding (c++) securely but mainly under windows
July 20, 2013
Teaches you about secure coding practices. A must read for every programmer ...
Displaying 1 - 10 of 10 reviews
Can't find what you're looking for?
Get help and learn more about the design.