The following topics are outside the scope of this concise book. We generally do not supply:
Fine books have been written (and no doubt will continue to be written) that provide the reader with detailed examples of how to code securely in various programming languages. How can you open files securely? We talk about it. How can you do better than Kerberos 4 (first release) at random-number generation? We explain the problem. But we rarely show with a code excerpt how to do X in Y. That goal, a worthy one, was not what we set out to do. Indeed, we firmly believe that attempting to write secure software using nothing but examples (however good they are), while lacking the fundamental understanding of security we try to convey in this book, would be akin to trying to cook a great gourmet meal armed with nothing more than an ingredient list. While a great chef could certainly do just that, most people couldn't. The chef, you see, already has the fundamental skill of knowing how to cook food properly.
You will find very few references here to specific operating systems, products, or utilities. Unless we need to clarify a concept, we avoid that territory. For one reason, it dates quickly. For another, there are many good books and magazines available already that fill that need. Most importantly, we believe that such specifics would distract you (and us) from the reflective thinking we all need to do.
We agree that there is a need for a set of in-depth design guidelines and case studies spanning the entire development cycle of today's complex multitiered applications. Some of the topics might include the use of application service providers, discovery services, identity federation, single sign-on, and shared servers. We didn't take on that job, as we think it would require many more volumes to do it justice. We also have not tackled some recent complications in the network environment such as the emerging ubiquity of wireless communications.
While we discuss numerous software vulnerabilities in this book, we don't provide examples (well, we made one exception) of how to exploit them.