"What Every Programmer Needs To Know About Security" introduces software professionals to the mindset and techniques they need to know to build secure software systems. Software has become part of the world's critical infrastructure, but typically is not well protected from attacks. Programmers to date have traditionally been taught to focus on performance and correctness, which is unfortunately not enough in a networked world of constantly-attacking hackers. This book teaches programmers how to also focus on safety, reliability, and security so that software can withstand attack. Once enabled with the knowledge presented in this book, professionals can start to alleviate some of the inherent vulnerabilities that make today's software so susceptible to attack. "What Every Programmer Needs To Know About Security" is designed for professional software programmers, both experienced and novice, as well as for research scientists. It is also suitable as a secondary text for advanced-level students in computer science and software engineering.
Preface.- The Goals of Computer Security.- Secure Systems Design: Approaches and Trade-offs.- Secure Systems Design: Principles.- An Introduction To Cryptography: Low-Level Primitives.- An Introduction To Cryptography: Higher-Level Primitives.- Threats Against Software.- Buffer Overflow Vulnerabilities.- Other Input Validation Vulnerabilities.- Password Security.- Using Cryptography Correctly.- The Security Review Process.- Summary.- Index.