Foundations of Security: What Every Programmer Needs to Know

0.0

What every programmer needs to know about security, illustrated with running examples of web applications and stories of what's gone wrong in the past. This book takes a principles approach to helping you design and implement your applications to be secure from the ground-up and illustrates these principles using running examples of web applications throughout the book. This book does not just focus on merely teaching you tips and tricks that allow you to band aid the security of your systems. Instead, it illustrates how security principles can be employed to prevent some of the most significant, current-day attack types, such as cross-site scripting (XSS) and SQL injection as well as more traditional attack types such as buffer overflows. About The Author Neil Daswani has served in a variety of research, development, teaching and managerial roles at Google, NTT DoCoMo USA Labs, Stanford University, Yodlee and Telcordia Technologies (formely Bellcore). While at Stanford, Neil confounded the Stanford Center Professional Development (SCPD) security Certification program. His areas of expertise include security, peer-to-peer systems and wireless data technology. He has published extensively in these areas; he frequently gives talks at industry and academic conferences and has been granted several US patents. He received PhD in computer Science from Stanford University. He also holds an MS in Computer Science from Stanford University and a BS in Computer Science with Honors with distinction from Columbia University. Cristoph Kern is an Information security engineer at Google, and was previously a senior security architect at Yodlee, a provider of technology solutions to the financial services industry. He has extensive experience in performing security design reviews and code audits, designing and developing secure applications and helping product managers and software engineers effectively mitigate security risks in their software products. Anita Keswani is a freelance writer and received MFA in creative writing from sarah Lawrence College. She also holds a BA in English from Illinois-Wesleyan University. One of her specializations is communicating complex technical ideas in simple, easy-to-understand language. Table Of Contents Part I Security Design Principles Security Goals Secure Systems Design Secure Design Principles Exercises for Part 1 Part II Secure Programming Techniques Worms and Other Malware Buffer Overflows Client-State Manipulation SQL Injection Password Security Cross-Domain Security in Web Applications Exercises for Part 2 Part III Introduction to Cryptography Symmetric Key Cryptography Asymmetric Key Cryptography Key Management and Exchange MACs and Signatures Exercises for Part 3