Information Security News mailing list archives

REVIEW: "Building Secure Software", John Viega/Gary McGraw


From: InfoSec News <isn () c4i org>
Date: Fri, 17 Jan 2003 00:37:16 -0600 (CST)

Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rslade () sprint ca>

BKBUSCSW.RVW   20021124

"Building Secure Software", John Viega/Gary McGraw, 2002,
0-201-72152-X, U$54.99/C$82.50
%A   John Viega www.buildingsecuresoftware.com
%A   Gary McGraw www.buildingsecuresoftware.com
%C   P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario  M3C 2T8
%D   2002
%G   0-201-72152-X
%I   Addison-Wesley Publishing Co.
%O   U$54.99/C$82.50 416-447-5101 fax: 416-443-0948
%O  http://www.amazon.com/exec/obidos/ASIN/020172152X/robsladesinterne
%P   493 p.
%T   "Building Secure Software: How to Avoid Security Problems the
      Right Way"

The "right way" of the subtitle is, of course, designing and building
a product correctly the first time.  The preface states that the book
is concerned with broad principles of systems development, and so does
not cover specialized topics such as code authentication and
sandboxing.  It also points out that software vendors are effectively
exempt from liability, and so have no reason to produce secure or
reliable software.

Chapter one is an introduction to software security, with an overview
of related topics and considerations.  Managing software security
risks, in chapter two, looks at good practices in the system
development life cycle, the position of the security engineer in
development, and standards.  The authors point out problems in common
security "solutions," mostly dealing with authentication, in chapter
three.  The common myths about the security of open and closed source
systems are examined in chapter four.  Instead of a checklist of
thousands of security items (that likely won't be of much use anyway),
chapter five presents ten guiding principles which will probably catch
most problems.  The list is not a panacea: the first principle is to
secure the weakest link, and it takes lots of forethought to design
for this type of factor in advance.  Auditing software, in chapter
six, is more about security assessments being conducted at various
stages in the process, for example, using attack trees at the design
stage.

The preface states that the book is divided into two parts, conceptual
and implementation, and, although there is no formal division, this is
probably the beginning of part two.  Chapter seven looks at buffer
overflows, always and still the most common software security problem.
This book, it must be assumed, is written primarily for a programming
audience, and yet the first part has presented concepts very clearly
without necessarily getting into code examples.  At this point,
however, the material is definitely written for advanced C (and
specifically UNIX) programmers, and the basic concepts are sometimes
hidden in the details.  Access control, primarily in UNIX systems,
although with some mention of special capabilities in Windows NT, is
the topic of chapter eight.  Chapter nine deals with race conditions,
including the familiar "time of check versus time of use" problem,
although most of the material is limited to file access concerns. 
There is an excellent and thorough discussion of pseudo random number
generation in chapter ten.  Applying cryptography, in chapter eleven,
stresses the fact that you shouldn't "roll your own," helps out by
reviewing publicly available cryptographic code libraries, and even
examines the drawbacks of one-time pads.  Managing trust and input
validation, in chapter twelve, emphasizes input concerns to the point
that an important element is possibly buried: in the modern
environment, you not only have to trust the goodwill of an entity, but
also its ability to defend itself, so as not to become part of an
attack against you.  Password authentication, in chapter thirteen,
promotes randomly chosen passwords.  Given a work directed at
programming I suppose this is understandable, but recent research has
shown that "well chosen" passwords are as easy to remember as naive,
and as secure as random.  Chapter fourteen is an overview of the basic
aspects of database security, although it only touches on the more
advanced topics of this specialized field.  Client-side security
concentrates on copy protection and other anti-piracy measures in
chapter fifteen.  Some means of establishing a connection through a
firewall are examined in chapter sixteen.

While I can understand and sympathize with the desire to give examples
of specific code in dealing with implementation details, there are a
number of major concepts covered in the latter part of the book which
would have been more accessible to non-programmers had they been dealt
with as tutorially as in the first part.  Still, the book has a great
deal to teach programmers about security and reliability, and security
professionals about the requirements of the development process.

copyright Robert M. Slade, 2002   BKBUSCSW.RVW   20021124

-- 
======================
rslade () vcn bc ca  rslade () sprint ca  slade () victoria tc ca p1 () canada com
Find book info victoria.tc.ca/techrev/ or sun.soci.niu.edu/~rslade/
Upcoming (ISC)^2 CISSP CBK review seminars (+1-888-333-4458):
    February 10, 2003   February 14, 2003   St. Louis, MO
    March 31, 2003      April 4, 2003       Indianapolis, IN
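The "time of check versus time of use" race on file access that the review names for chapter nine, as an added example for this archive page rather than code from the book: the vulnerable check-then-open pattern beside its open-then-check form, with a constructed demo harness. The function names (open_racy, open_checked, demo) and the use of a scratch directory under /tmp are this example's own assumptions.

```c
#define _GNU_SOURCE 1   /* POSIX/GNU declarations for mkdtemp, O_NOFOLLOW */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Vulnerable: check the pathname, then open it.  access() and open() resolve
 * the path separately, so the object opened can differ from the one checked. */
int open_racy(const char *path) {
    if (access(path, R_OK) != 0)        /* time of check */
        return -1;
    return open(path, O_RDONLY);        /* time of use: path may be repointed */
}

/* Hardened: open first, then check what was actually obtained.  O_NOFOLLOW
 * refuses a symlink at the last component; fstat() inspects the descriptor. */
int open_checked(const char *path) {
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != getuid()) {
        close(fd);                      /* not a regular file we own */
        return -1;
    }
    return fd;
}

/* Demo harness (constructed input): a regular file and a symlink to it under
 * /tmp.  Returns 1 when the racy opener accepts both names but the hardened
 * opener accepts only the file; 0 on any setup failure. */
int demo(void) {
    char dir[] = "/tmp/toctouXXXXXX", file[64], link[64];
    if (mkdtemp(dir) == NULL) return 0;
    snprintf(file, sizeof file, "%s/data", dir);
    snprintf(link, sizeof link, "%s/alias", dir);
    FILE *f = fopen(file, "w");
    if (f == NULL) return 0;
    fputs("constructed sample\n", f);
    fclose(f);
    if (symlink(file, link) != 0) return 0;
    int r1 = open_racy(link), r2 = open_checked(link), r3 = open_checked(file);
    int ok = (r1 >= 0 && r2 < 0 && r3 >= 0);
    if (r1 >= 0) close(r1);
    if (r3 >= 0) close(r3);
    unlink(link); unlink(file); rmdir(dir);
    return ok;
}
```

Checking the descriptor rather than the pathname is the general fix; the same open-then-fstat shape applies to ownership and permission checks, not just the symlink case shown.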


