What every software professional should know about security. Designing Secure Software
consolidates Loren Kohnfelder's more than twenty years of experience into a concise elegant
guide to improving the security of technology products. Written for a wide range of software
professionals it emphasizes building security into software design early and involving the
entire team in the process. The book begins with a discussion of core concepts like trust
threats mitigation secure design patterns and cryptography. The second part perhaps this
book's most unique and important contribution to the field covers the process of designing and
reviewing a software design with security considerations in mind. The final section details the
most common coding flaws that create vulnerabilities making copious use of code snippets
written in C and Python to illustrate implementation vulnerabilities. You'll learn how to: •
Identify important assets the attack surface and the trust boundaries in a system • Evaluate
the effectiveness of various threat mitigation candidates • Work with well-known secure coding
patterns and libraries • Understand and prevent vulnerabilities like XSS and CSRF memory flaws
and more • Use security testing to proactively identify vulnerabilities introduced into code •
Review a software design for security flaws effectively and without judgment Kohnfelder's
career spanning decades at Microsoft and Google introduced numerous software security
initiatives including the co-creation of the STRIDE threat modeling framework used widely
today. This book is a modern pragmatic consolidation of his best practices insights and
ideas about the future of software.
