John Viega & Gary McGraw
Published: 01 May 2002
We all see the fallout from poor security on a regular basis. New vulnerabilities hit Bugtraq at a dizzying pace. Step back, and you'll notice that most of these problems are born out of the same root cause -- insecure coding. Some software vendors are aware of this, but most are not. Even if they realize the problem, knowledge, formal resources and qualified personnel for creating secure code are scarce. Building Secure Software attempts to address the problem by providing a canon for secure coding practices.
The book is designed for programmers, project managers and software designers/architects -- all equally important players in the process of building secure software. The book's first half is high level, covering issues such as software risk management and the conceptual goals of securely engineered software. Selecting the "materials" for your project, such as the object platform (CORBA vs. DCOM vs. EJB/RMI), authentication method and, of course, the programming language are all included. On the downside, I would've liked to have seen an introduction to secure operating systems, rather than the simple discussion on shared process space versus protected process space (e.g., "why Windows 9x is bad").
The discussion on finding the right security personnel for a programming project covers all the bases, including the soft issues of departmental politics and development team mentalities. Without management demanding that security be a part of an application's foundation, the "roving bands of developers" (as the authors describe them) will write code without regard for security. The authors have been around the block, and it shows. More mature than the average security geek, they understand issues such as how to integrate software development models and secure programming practices.
The second half of the book is comprised of hard-core technical chapters on access control, race conditions, randomness, crypto, authentication, input validation, etc. A slant towards Unix and C is obvious. Comparatively, Windows only receives shorter, less detailed analysis-and sometimes with less accuracy. Java receives fair coverage, which isn't surprising given that McGraw is a noted authority on the subject.
Great attention is paid to buffer overflows -- enemy number one of software security problems. The presentation is comprehensive, but lacks illustrations and diagrams to guide the uninitiated. Unfortunately, one shouldn't assume that a modern programmer has the background to immediately grasp the concept of writing over the stack in the same way as an overflow attack. But understanding the concept and its potential consequences is key for motivating project managers, who need to build in extra time for development and testing, and programmers, who must realize their critical role in producing secure code.
At times, the book tends to insulate itself from the larger security community. Participation of the team and team members is vital to success, from the perspective of tool resources as well as industry best practices. Pointers to more outside references and examples of instructive open-source projects that demonstrate secure programming practices would be useful. Further, the authors incessantly point back to the book's own Web site to refer to simple URLs for products and tools.
The greatest measure of the success of Building Secure Software would be discovering it's a required text for all computer science and MIS undergraduates. While not a one-stop reference, it's a good introduction to secure programming and an excellent technical reference for certain subtopics. If your development platform is Windows- or Web-oriented, be sure to supplement this book with titles that are more appropriate. Building Secure Software is an excellent foundation resource, which will likely become more valuable with future editions.
About the Author: Patrick Mueller is a book reviewer for Information Security and a security analyst for a Chicago-based security consulting firm.