Last updated Saturday, February 21, 2004

Book Reviews

Secure Coding: Principles & Practices

By Mark G. Graff, Kenneth R. van Wyk
June 2003, ISBN 0-596-00242-4, O'Reilly & Associates, Inc.
224 pages, $29.95, http://www.oreilly.com/catalog/securecdng/index.html

Reviewed By Brad Friedlander, November 2003

In the 11th century, Moses Maimonides taught us that the highest form of charity is to teach a man to fish. If you give him a fish, he can eat today. If you teach him to fish he can eat forever.

In the same way, Mark G. Graff and Kenneth R. van Wyk have provided an excellent book that gives us a framework for thinking about security rather than trying to give specific rules that might have been invalid before the book came off the press. “Secure Coding”, published by O’Reilly, gives the reader the ability to envision, architect, design, code, and implement a security framework that truly meets the needs of its stakeholders.

The authors don’t provide a cookbook. In their own words:

“When you picked up this book, perhaps you thought that we could provide certain security? Sadly, no one can.”

Instead, they deliver a robust mental model and a framework to understand security and to architect, design, develop, and operate secure systems. They present best practices in the field of security, the reasons for using them, and suggestions on deciding which practices are appropriate in your particular case.

Their approach is to realize that the objective is not to make a system totally secure, but to make it just secure enough. Deciding what is “just secure enough” is a business and not a technical decision. It is based on weighing risk versus cost.

There are substantial references throughout the book as well as an appendix of resources. The book is filled with examples of security failures and, more importantly, an excellent post mortem on each to show what could have been done to avoid the problem. The authors are extremely familiar with UNIX environments and this comes through in the examples. However, you don’t need to be a UNIX guru to glean valuable lessons from the examples.

One key message is that security is not something you can bolt onto an application. You must take a holistic approach to the overall system in which the application is being used. It’s worth noting that many secure applications become extremely insecure because of the system environment (including networks) in which they exist.

A second key message is that, while you can retrofit an insecure application, it is far easier and far less costly to incorporate security as an integral part of the entire development life cycle, including requirements, architecture, and design. The security architecture and design must be well documented so that future maintenance does not inadvertently introduce gaping security holes.

The book is primarily intended for those who architect, design, and code secure applications. However, I believe that it is a must-read for those who manage and those who implement secure applications and systems.

Brad Friedlander is the Managing Director of Friedlander & Associates. He has over 20 years of experience in auditing, architecting, and implementing secure systems.

Revised Monday, January 05, 2004