Foundations of Security: What Every Programmer Needs to Know
by Neil Daswani, Christoph Kern, and Anita Kesavan
Published: February 2007; ISBN: 1-59059-784-2; $39.99 US; 290 pages
Berkeley, CA—March 2007: Chances are that unless we all learn something about security, the Internet will continue to be a very vulnerable place in which cybercriminals thrive. The number of security vulnerabilities reported to the federally funded Computer Emergency Response Team (CERT) at Carnegie Mellon University climbed from 5,990 in 2005 to 8,064 in 2006. According to IBM's Internet Security Systems division, 88.4 percent of all 2006 vulnerabilities could be exploited remotely, and over half of them would allow an attacker to gain access to the host (that is, your computer) after successful exploitation. Many of these vulnerabilities are used by cyberthieves to commit identity theft, steal credit card numbers, and launch online attacks using malware and botnets.
What's the root cause? Software with security design flaws, and software with implementation bugs that can be abused.
This book takes a principled approach to helping you design and implement your applications to be secure from the ground up, and illustrates these principles using running examples of web applications throughout the book. Just as you might use object-oriented design principles to achieve extensibility and code reuse, you need to learn security design principles, such as the principle of least privilege, the fail-safe stance, and securing the weakest link, to achieve security; all of these are covered in this book.
What people are saying:
“Information Technology is for everyone, not just geeks. But that means security is everyone's business, as you will discover in the pages of this excellent book!”
— Vinton G. Cerf, a Founding Father of the Internet
“This book serves as a great complement to the courses that make up the Stanford Center for Professional Development (SCPD) Security Certification Program. The book explains in detail how to defend against a wide range of attacks, and teaches principles of secure system design.”
— Dr. Dan Boneh, Associate Professor, Computer Science
and Electrical Engineering, Stanford University
About the Authors:
Neil Daswani has served in a variety of research, development, teaching, and managerial roles at Google, Stanford University, DoCoMo USA Labs, Yodlee, and Bellcore (now Telcordia Technologies). His areas of expertise include security, wireless data technology, and peer-to-peer systems. He has published many papers in these areas, often gives talks at industry and academic conferences, and has been granted several U.S. patents. He received a Ph.D. and a master's in computer science from Stanford University, and helped create the Computer Security Certification Program at the Stanford Center for Professional Development while he was there. He earned a bachelor's in computer science with honors with distinction from Columbia University.
Christoph Kern is an information security engineer at Google and was previously a senior security architect at Yodlee, a provider of technology solutions to the financial services industry.
Anita Kesavan is a freelance writer and received her M.F.A. in creative writing from Sarah Lawrence College. She specializes in communicating complex technical ideas in simple, easy-to-understand language.
About Apress:
Apress L.P., based in Berkeley, California, is the fastest-growing publisher of technical books in the world today. It is dedicated to meeting the needs of IT professionals, from novice to expert. Apress is dedicated to publishing titles of the highest quality and has compiled a team of authors that is a “Who’s Who” of the high-tech industry.