REVIEW - Foundations of Security - What Every Programmer Needs to Know


Foundations of Security

What Every Programmer Needs to Know


Christoph Kern, Anita Kesavan, Neil Daswani



Apress (2007)




Mark Easterbrook


December 2009



Now that almost every device for which developers are generating code is connected to a network, and in most cases directly or indirectly to the Internet, it is essential for programmers to understand software security and how to protect against attack. Yet hardly a day goes by without a security incident of some kind, indicating that there is still a severe lack of security understanding in the software world.

This book goes a long way to addressing this shortfall and should be essential reading for every software developer.

Part one covers design principles: setting out the goals and how to design towards them. It also covers the well-intentioned but flawed approaches to security that lead to a false sense of security.

Part two explores all the major forms of attack and describes how to counter them including many examples of secure, and not so secure, code.

Part 3 is an Introduction to Cryptography and covers the subject in enough detail for the diligent designer to choose the correct encryption method.

Finally part 4 contains Appendices and references.

The book is well written and provides a broad subject matter while still containing enough detail to go from beginner to skilled practitioner.

Book cover image courtesy of Open Library.

Your Privacy

By clicking "Accept Non-Essential Cookies" you agree ACCU can store non-essential cookies on your device and disclose information in accordance with our Privacy Policy and Cookie Policy.

Current Setting: Non-Essential Cookies REJECTED

By clicking "Include Third Party Content" you agree ACCU can forward your IP address to third-party sites (such as YouTube) to enhance the information presented on this site, and that third-party sites may store cookies on your device.

Current Setting: Third Party Content EXCLUDED

Settings can be changed at any time from the Cookie Policy page.