Structure of This Book

This book consists of six chapters.

The organization of this book closely follows a typical[2] software development process, the waterfall development methodology, also known as the Systems Development Life Cycle (SDLC) model.

[2] While numerous software development methodologies exist, we have chosen to follow the waterfall model because it is commonly found in practice. The organization scheme we've followed in this book could be adapted to most other development methodologies with minimal effort.

Chapter 1 discusses the "catch and patch" cycle of security bugs, introduces some attack types and potential defenses against them, and talks about the technical, psychological, and real-world factors (such as market forces) that stack the odds against secure application development. It also suggests some ways that society, our governments, and we as individuals can help make the Internet more secure.

Chapter 2 focuses on the architectural stage of development. It shows how to apply accepted security principles (for example, least privilege) to limit even the impact of successful attempts to subvert software.

Chapter 3 discusses principles of secure design. We emphasize the need to decide at design time how the program will behave when confronted with fatally flawed input data, and offer alternatives to "choke and die" (for example, graceful degradation). We also discuss security retrofitting briefly (what to do when you don't have the source code): how to protect software with known vulnerabilities from being exploited even if you can't fix the bugs.

Chapter 4 goes beyond the simplistic "don't do it" to demonstrate the need to follow sound coding practices: for example, to sanitize (not simply truncate) the character streams that make up the program's entire interface with its environment (not only command lines and environment variables).

Chapter 5 discusses operational issues such as the timely installation of patches. Sites following sound operational procedures can often be shielded from the impact of attacks such as the "Slammer" worm of 2003, as well as similar attacks that might exploit weaknesses in application libraries or plug-ins, affecting web applications or other key programs deployed throughout an enterprise. We also make dozens of other concrete, practical suggestions for helping secure your application during this oft-neglected stage.

Chapter 6 explains several runtime testing methods (for example, black-box testing) now available to check for flaws such as the presence of overflowable buffers. It also covers static code checkers and suggests ways to implement automated application security scorecards and other simple tools.

Each chapter focuses on recommended secure coding practices during a particular stage of development (as well as practices you should avoid). Each chapter concludes with several case studies that relate to the particular topic under discussion, along with questions for further consideration.

This book also contains an appendix listing the books, papers, articles, and web sites that we have found most useful, and which we recommend to you for further reading.