Secure Coding by Mark G. Graff, Kenneth R. van Wyk
Book Review Team
Joined: Feb 15, 2002
<pre>
Author/s  : Mark G. Graff, Kenneth R. van Wyk
Publisher : O'Reilly
Category  : Other
Review by : Junilu Lacar
Rating    : 9 horseshoes
</pre>

This book goes beyond the technical aspects of security into things like psychology, economics, politics, and even history. "Why do good people write bad code?...To find security holes, think like an alien... How do economic and other social factors work against security quality?" These are just some of the things the authors touch on in presenting a holistic view of the security issues that must be dealt with when developing an application.

This is not a "cookbook" so don't expect to find many code examples; the few that you will find are in C. What you will find are a number of thought-provoking discussions and valuable insights into the root causes of security vulnerabilities. The authors share useful techniques, guidelines and checklists that they have used to create applications that are "just secure enough." They highlight both good and bad practices and present a number of case studies to help bring home important points.

Managers, architects, designers, developers and even users will find something useful in this book. This book will help you realize, if you haven't already, that security is neither trivial nor something that you can add on later: it needs to be designed into your application from the very start and continuously evaluated throughout the development process. And if you already knew that, you just might realize just how much more there really is to consider besides what you already do now to secure your applications.