Building Secure Software und über 1 Million weitere Bücher verfügbar für Amazon Kindle . Erfahren Sie mehr


oder
Loggen Sie sich ein, um 1-Click® einzuschalten.
Alle Angebote
Möchten Sie verkaufen? Hier verkaufen
Building Secure Software: How to Avoid Security Problems the Right Way (Addison-Wesley Professional Computing)
 
 
Für Kunden: Stellen Sie Ihre eigenen Bilder ein.
Verleger: So können Kunden in diesem Buch suchen.
Beginnen Sie mit dem Lesen von Building Secure Software auf Ihrem Kindle in weniger als einer Minute.

Sie haben keinen Kindle? Hier kaufen oder eine gratis Kindle Lese-App herunterladen.

Building Secure Software: How to Avoid Security Problems the Right Way (Addison-Wesley Professional Computing) [Englisch] [Gebundene Ausgabe]

John Viega (Autor), Gary McGraw (Autor)
4.0 von 5 Sternen  Alle Rezensionen anzeigen (2 Kundenrezensionen)
Statt: EUR 48,99
Jetzt: EUR 45,20 kostenlose Lieferung. Siehe Details.
Sie sparen: EUR 3,79 (8%)
  Alle Preisangaben inkl. MwSt.
o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o
Derzeit nicht auf Lager.
Bestellen Sie jetzt und wir liefern, sobald der Artikel verfügbar ist. Sie erhalten von uns eine E-Mail mit dem voraussichtlichen Lieferdatum, sobald uns diese Information vorliegt. Ihr Konto wird erst dann belastet, wenn wir den Artikel verschicken.
Verkauf und Versand durch Amazon.de. Geschenkverpackung verfügbar.

Weitere Ausgaben

 Amazon-Preis Neu ab Gebraucht ab
Kindle Edition EUR 29,00   -- --
Gebundene Ausgabe EUR 45,20   -- --
Taschenbuch EUR 52,99   -- --

Kunden, die diesen Artikel angesehen haben, haben auch angesehen

Produktinformation

  • Gebundene Ausgabe: 528 Seiten
  • Verlag: Addison-Wesley Longman, Amsterdam (3. Oktober 2001)
  • Sprache: Englisch
  • ISBN-10: 020172152X
  • ISBN-13: 978-0201721522
  • Größe und/oder Gewicht: 24 x 19,3 x 3 cm
  • Durchschnittliche Kundenbewertung: 4.0 von 5 Sternen  Alle Rezensionen anzeigen (2 Kundenrezensionen)
  • Amazon Bestseller-Rang: Nr. 41.680 in Englische Bücher (Siehe Top 100 in Englische Bücher)

    •  Möchten Sie die Produktinformationen aktualisieren oder Feedback zu den Produktabbildungen geben?

     Ist der Verkauf dieses Produkts für Sie nicht akzeptabel?

  • Komplettes Inhaltsverzeichnis ansehen

Mehr über die Autoren

Entdecken Sie Bücher, lesen Sie über Autoren und mehr
Gary McGraw
Gary McGraw
John Viega
John Viega

Produktbeschreibungen

Kurzbeschreibung

Most organizations have a firewall, antivirus software, and intrusion detection systems, all of which are intended to keep attackers out. So why is computer security a bigger problem today than ever before? The answer is simple--bad software lies at the heart of all computer security problems. Traditional solutions simply treat the symptoms, not the problem, and usually do so in a reactive way. This book teaches you how to take a proactive approach to computer security. Building Secure Software cuts to the heart of computer security to help you get security right the first time. If you are serious about computer security, you need to read this book, which includes essential lessons for both security professionals who have come to realize that software is the problem, and software developers who intend to make their code behave. Written for anyone involved in software development and use--from managers to coders--this book is your first step toward building more secure software. Building Secure Software provides expert perspectives and techniques to help you ensure the security of essential software. If you consider threats and vulnerabilities early in the devel-opment cycle you can build security into your system. With this book you will learn how to determine an acceptable level of risk, develop security tests, and plug security holes before software is even shipped. Inside you'll find the ten guiding principles for software security, as well as detailed coverage of: * Software risk management for security * Selecting technologies to make your code more secure * Security implications of open source and proprietary software * How to audit software * The dreaded buffer overflow * Access control and password authentication * Random number generation * Applying cryptography * Trust management and input * Client-side security * Dealing with firewalls Only by building secure software can you defend yourself against security breaches and gain the confidence that comes with knowing you won't have to play the "penetrate and patch" game anymore. Get it right the first time. Let these expert authors show you how to properly design your system; save time, money, and credibility; and preserve your customers' trust.

Synopsis

In the age of e-Business, information security is no longer a minor detail: it's at the heart of every business process and relationship. And software -- not firewalls, intrusion detection systems, or anything else -- is at the heart of most security problems. In Building Secure Software, two of the field's leading experts present a start-to-finish methodology for developing secure systems. They cover the entire software lifecycle, showing how to identify and respond to vulnerabilities as early in the process as possible, when security enhancements cost less -- and are more effective. In Part I, the authors focus on the security issues developers should face before writing any code, demonstrating how to integrate security into your entire software engineering practice. Part II focuses on implementation, showing developers how to avoid a wide range of common security problems. Viega and McGraw show how to determine acceptable levels of risk, develop effective security testing processes, and understand in advance how applications would behave in response to an attack. The book contains extensive C-based source code examples.
Alle Produktbeschreibungen

Tags, die Kunden mit diesem Produkt verbinden

 (Was ist das?)
Klicken Sie zum Suchen verwandter Artikel, Diskussionen oder Personen auf ein Tag.
 
(1)
(1)
(1)
(1)
Stimmen Sie diesen Tags zu?
Alle 5 Tags anzeigen...
 
Beliebteste Tags anzeigen

Kundenrezensionen

5 Sterne
0
3 Sterne
0
2 Sterne
0
1 Sterne
0
Die hilfreichsten Kundenrezensionen
3 von 4 Kunden fanden die folgende Rezension hilfreich
Format:Gebundene Ausgabe
The book starts with several chapters meant as an introduction and providing base knowledge for non-programmers. This introduction is too lenghty at least in my opinion (over 100 pages) and would have not really convinced me (if I have not been before) that the topic 'secure programming' is so important as it really is.
If one have managed this slow start - the technical part (3/4 of the complete book) dives really into technical details. For C programmers very helpful (examples of other programming languages are rather rare to find). If you feel not that comfortable with C the book is probably harder to read and one have to dig out the essences of this book.
The content is well structered and most readers will not miss important chapters.
Some statements are obviously discussible but the authors marked their personal opinion properly.
Overall a good - very good book written by authors with indepth knowledge.
War diese Rezension für Sie hilfreich?
Format:Gebundene Ausgabe
Das Buch bietet einen sehr guten Überblick über die Sicherheitsaspekte in und um Software. Speziell das leidige Thema der buffer overflows wird im Detail behandelt. Obwohl die Autoren versuchen das Buch sprachenübergreifend zu machen ist der Großteil der Beispiele an C geknüpft - was aber weiter nicht stören sollte weil sich die meisten Beispiele leicht umzulegen sind.
War diese Rezension für Sie hilfreich?
Die hilfreichsten Kundenrezensionen auf Amazon.com (beta)
Amazon.com:  25 Rezensionen
27 von 29 Kunden fanden die folgende Rezension hilfreich
Exposes top problems and gives a framework for closing them 10. April 2002
Von Mike Tarrani - Veröffentlicht auf Amazon.com
Format:Gebundene Ausgabe
What makes this book so important is that the authors provide an analysis of the major problems with all software, and give a collection of techniques with which to address the recurring problems, such as buffer overflows, access control exposures, randomness flaws and other security-related defects. They do not attempt to provide specific solutions. Instead they raise an awareness of the common problems, discuss the underlying causes, and give a framework with which developers can use as the basis for developing secure software.

Key points of this book that I found especially useful include:
(1) Even treatment of commercial and open source software. I found this refreshing because there are two camps, Microsoft developers and open source advocates, each of which criticize the other. Yes, Microsoft has a bad reputation for security, but the open source faction has its own challenges, and the authors show the strengths and weaknesses of each in an objective manner.
(2)Surprises, such as documented cases of peer reviews that failed. I am an advocate of this technique, yet a case where a flawed, two-line piece of code that was extensively reviewed by literally thousands of reviewers and readers of a technical publication slipped by without notice for a long time.
(3) The ten guiding principles for software security encapsulate the essence of building secure software. This list and the discussion of each principle should be required reading for every architect, developed and QA engineer.Chapter 1 (Introduction to Software Security) and Chapter 6 (Auditing Software) give a framework for security and a methodical approach to quality assurance. These, in my opinion, are the heart of the book.

In addition to software security from a developer's point of view, this book also addresses other areas that need to be closely examined in order to achieve a solid security posture. In particular I liked Chapter 14, which covers database security, especially the treatment of statistical attacks. If you're a DBA this alone will make the book worth buying because despite the most careful design of views and access controls you may still be vulnerable in surprising ways. The chapters on Client-side security and firewall issues are also filled with excellent information, as is Appendix A (Cryptography Basics).

The authors have imparted the sum of their extensive experience in this book. It's up to you to take that experience and apply it. The book's accompanying website adds further value. I also recommend Writing Secure Code by Michael Howard and David Leblanc, which was written after this book, and complements it well. Both books are much-needed additions to the body of knowledge for developing secure software.

41 von 48 Kunden fanden die folgende Rezension hilfreich
Comment from Preface author 15. Oktober 2001
Von Bruce Schneier - Veröffentlicht auf Amazon.com
Format:Gebundene Ausgabe
As I say in the Preface of this book, "We wouldn't have to spend so much time, money, and effort on network security if we didn't have such bad software security." We all know that security is risk management. _Building Secure Software_ takes the same risk-management approach to security that I espouse in _Secrets and Lies_. But while my recent focus is on detection and response, this book focuses on prevention. Most importantly, it focuses on prevention where it should occur: during software design.

_Building Secure Software_ is a critical tool in the understanding of secure software. Viega and McGraw have done an excellent job of laying out both the theory and practice of secure software design. Their book is useful, practical, understandable, and comprehensive. It won't magically turn you into a software security expert, but it will make you more sensitive to software security. And the more sensitive you are to the problem, the more likely you are to work toward a solution.

19 von 22 Kunden fanden die folgende Rezension hilfreich
My current choice for text in computer security 3. Dezember 2002
Von Charles Ashbacher - Veröffentlicht auf Amazon.com
Format:Gebundene Ausgabe
Even IT professionals are not completely aware of how much our society relies on the effective use of computers. For if they did, security issues would always be foremost in our minds. Nearly all of us lock the doors to our houses when we leave and yet there are problems with computers that are equivalent to leaving the door open and posting a large sign as to where the valuables are located. I am just as guilty as most others in this area, but the heavy object has finally hit me over the head, so I am now deeply involved in learning all aspects of computer security.
One of the best books that I have found that explains details rather than fluffy generalities is this one. In looking through books, there were so many that used the soapbox approach, proclaiming long and loud about the need for security, but never reaching the level of the designer in showing the specific ways in which security features can be implemented. This book does that. The specific code examples illustrating many of the security features show quite clearly how it is possible to include security in the basic structure of your programs.
There are those who complain that publishing details of security flaws gives people information that will allow them to become an effective black hat hacker. This is an argument that is ridiculous. A malicious user is someone with a specific state of mind, and a bit of information does not make one a criminal, just makes it slightly easier for them to engage in their criminal acts. Any law enforcement officer will tell you that to prevent crime you have to learn the many ways crimes are committed. The authors of this book show you how the black hats do their cracking.
As a consequence of reading this book, I was motivated to create a series of security lessons and write a proposal for a class in computer security for the next academic year. That class recently received overwhelming departmental approval and right now, this is the text that I will use.
Kundenrezensionen suchen
Nur in den Rezensionen zu diesem Produkt suchen

Kunden diskutieren

Das Forum zu diesem Produkt
Diskussion Antworten Jüngster Beitrag
Noch keine Diskussionen

Fragen stellen, Meinungen austauschen, Einblicke gewinnen
Neue Diskussion starten
Thema:
Erster Beitrag:
Eingabe des Log-ins
 


Aktive Diskussionen in ähnlichen Foren
Kundendiskussionen durchsuchen
Alle Amazon-Diskussionen durchsuchen
   
Ähnliche Foren

Lieblingslisten

Legen Sie Ihre eigene Lieblingsliste an

Ähnliche Artikel finden

Anhand des Sachgebietes nach ähnlichen Produkten suchen:































Das bedeutet, jeder Titel/Artikel muss zu Sachgebiet 1 UND zu Sachgebiet 2 UND... gehören.

Ihr Kommentar

Möchten Sie die Produktinformationen aktualisieren oder Feedback zu den Produktabbildungen geben?

Datenschutzerklärung von Amazon.de Versandbedingungen von Amazon.de Umtausch- & Rücknahme bei Amazon.de