Rating:  Summary: Real requirements for security Review: "Building Secure Software" is superb! It starts with a general introduction and then builds on the fact that security must be designed in, not just added later. The second half of the book is many details about buffer overflow problems, access control, race conditions, randomness, and cryptography with enough information to satisfy almost everybody (but simple enough at the beginning to let the novice understand the general topic). Plus, I like their writing style.
Rating:  Summary: The book that launched a new security genre Review: 'Building Secure Software' (BSS) is an excellent book. I can't believe it was published in the fall of 2001, and I've only gotten to it now. Negative reviewers should remember that a single book can't address every security topic under the sun. BSS is the first of several titles by authors Viega and McGraw; those looking for additional details can peruse their later books.
BSS has three overall strengths which merit a five star review. First, the book contains the distilled wisdom of its two authors. We are lucky to have two developers-turned-security-experts sharing their insights with us. They explain many concepts in plain language suitable for coders and non-coders alike. I especially enjoyed their ten guiding principles of ch 5 and the auditing software advice of ch 6. In other sections, like ch 4, they argue that 'open source' does not equal 'secure.' In ch 2 the authors explain the importance of system specifications, i.e., how is a system expected to act under a given situation? These sorts of insights are useful for managers as well as developers.
Second, BSS backs up its recommendations with real code examples. The authors don't just tell you what to do -- they show you. In many cases they begin with a 'naive' implementation fraught with errors, which they then incrementally improve. The password material in ch 13 is an example of this technique. A related benefit of the book was its description of attack trees in ch 6, which I find helpful.
Third, the authors very thoroughly discuss topics mentioned in other books, but not backed up in those titles by code samples. For example, ch 7 has a very detailed buffer overflow explanation. If you want to follow actual code and memory locations to understand how to write a buffer overflow exploit, ch 7 will explain how to do it.
BSS's errata doesn't seem to be available at the defunct book Web site, although I was able to retrieve it via the Internet Archive. My main concern with the book's content was the replacement of the security principle of 'availability' by another principle, 'authentication.' In other words, when one mentions 'the big three security goals,' (p. 22) they are 'confidentiality,' 'integrity,' and 'availability,' not 'authentication.'
I didn't find the relative lack of Windows-specific material to be a problem. The book's errata addresses some of the negative reviewers' concerns. Several years after its initial publication, BSS is still a timely and relevant read that I recommend to all developers and security professionals.
Rating:  Summary: Contains many mistakes in Windows-related sections Review: As a Windows developer, I am a little disappointed. The authors probably have much more experience with developing Unix and Java software than Windows software. This wouldn't necessarily be a bad thing, if they had done their homework and checked things with a Windows expert. But they didn't. The result is that the book contains some incorrect and misleading information in Windows-related sections. For example: 1. In the footnote on page 56 the authors state that there are "no DCOM implementations for the UNIX world". Not true - there is at least one popular DCOM implementation for UNIX - EntireX from Software AG. 2. On page 58 the authors say that delegation of identity is not available for DCOM. Wrong - delegation with an unlimited number of identity transfers is a standard feature of Windows 2000 and XP. 3. On page 382 the authors claim that Microsoft SQL Server does not support encryption. Again not true - SQL 2000 can use either SSL or standard Windows RPC encryption to encrypt all traffic between the client and the server. These kinds of mistakes almost make you wonder if they were intentional. Anyway, if you are developing on Unix it is probably a good book (I cannot judge - I'm not a UNIX expert). If you are a Windows developer, you should probably treat it more as a general overview of potential software security problems and not rely on it when it comes to details.
Rating:  Summary: Comment from Preface author Review: As I say in the Preface of this book, "We wouldn't have to spend so much time, money, and effort on network security if we didn't have such bad software security." We all know that security is risk management. _Building Secure Software_ takes the same risk-management approach to security that I espouse in _Secrets and Lies_. But while my recent focus is on detection and response, this book focuses on prevention. Most importantly, it focuses on prevention where it should occur: during software design. _Building Secure Software_ is a critical tool in the understanding of secure software. Viega and McGraw have done an excellent job of laying out both the theory and practice of secure software design. Their book is useful, practical, understandable, and comprehensive. It won't magically turn you into a software security expert, but it will make you more sensitive to software security. And the more sensitive you are to the problem, the more likely you are to work toward a solution.
Rating:  Summary: My current choice for text in computer security Review: Even IT professionals are not completely aware of how much our society relies on the effective use of computers. For if they did, security issues would always be foremost in our minds. Nearly all of us lock the doors to our houses when we leave, and yet there are problems with computers that are equivalent to leaving the door open and posting a large sign as to where the valuables are located. I am just as guilty as most others in this area, but the heavy object has finally hit me over the head, so I am now deeply involved in learning all aspects of computer security. One of the best books that I have found that explains details rather than fluffy generalities is this one. In looking through books, there were so many that used the soapbox approach, proclaiming long and loud about the need for security, but never reaching the level of the designer in showing the specific ways in which security features can be implemented. This book does that. The specific code examples illustrating many of the security features show quite clearly how it is possible to include security in the basic structure of your programs. There are those who complain that publishing details of security flaws gives people information that will allow them to become an effective black hat hacker. This is an argument that is ridiculous. A malicious user is someone with a specific state of mind, and a bit of information does not make one a criminal; it just makes it slightly easier for them to engage in their criminal acts. Any law enforcement officer will tell you that to prevent crime you have to learn the many ways crimes are committed. The authors of this book show you how the black hats do their cracking. As a consequence of reading this book, I was motivated to create a series of security lessons and write a proposal for a class in computer security for the next academic year. That class recently received overwhelming departmental approval and right now, this is the text that I will use.
Rating:  Summary: A must-read for application developers Review: For more than 20 years security professionals have bemoaned the abysmal state of software, and why it doesn't get any better. Viega and McGraw have put together a wonderful handbook that takes a big step in helping developers build more secure and reliable software. It addresses the tough practical problems that lead to technical disasters like Nimda and Code Red. Readers learn how vulnerabilities are exploited and how to avoid having the vulnerabilities. Key topics include buffer overflows, avoiding malicious input, proper random number selection, and many more. If there were only one security book I could make required reading for every programmer in the world, this would be it.
Rating:  Summary: Deeply disappointing. Keep on looking. Review: For such an expensive and highly promoted book this is a big disappointment. If you really want to know how to build secure software do not look here. You would do better to subscribe to one of the security mailing lists and read documents available on the Web. The book covers only a very narrow range of topics. There is very little in here for Web apps - securing Web servers, for example. I have a thick tutorial from a consultant on my desk here which leaves this book for dead - at least for Web security. Strangely the book criticises SSH and S/Key and I think those criticisms were weak when so many more relevant issues could have been discussed. The book discusses buffer overflows but the discussion is inferior to the referenced online paper "Smashing the Stack for Fun and Profit" by "mudge". I could go on and on. There just is not enough meat in the book to make it a worthwhile read.
Rating:  Summary: Worthless! The "wrong" way to look at security Review: I don't know about John Viega, but Gary McGraw has written some of the worst security books ever, proving to me that he has little if any idea about how "proper" security should be run. This book talks about one tiny part of the security equation, missing out on the hardware element, but most importantly on the "people" aspect. Anyone ever hear of social engineering? You wouldn't if you read this garbage. Save your money - buy "Hacking Exposed" or "Secrets and Lies". This is only the right way to bring on security problems.
Rating:  Summary: Don't code until you read this book Review: I thought I was good at coding, but didn't realize how many security breaches can be done until I read this book. From messy Java issues to buffer overflows; this book covers it. Don't code until you read this book!
Rating:  Summary: Excellent, but what about Windows? Rebuttals to bad reviews. Review: I very much enjoyed this book and found learning its content to be very worth my while. I think this book should be part of every computer science and computer engineering curriculum. I just graduated with a computer engineering degree and none of the basic security concepts covered in this book were ever mentioned in my required software classes. How can we expect developers to write secure software when they have not been taught how to? My biggest criticism of the book is that it doesn't deal enough with Windows, and when it does address Windows the authors are often wrong (as is pointed out in previous reviews). But I don't think the authors are Windows experts, so they can be somewhat forgiven. I also want to offer rebuttals to some of the negative reviews. Several reviewers gave the book few stars because it didn't cover web applications. No matter what language you write your web app in, you still will need to be aware of the concepts in this book. Your web app is not secure if it contains exploitable buffer overflows or input vulnerabilities. A couple of reviewers also fault the book for not explaining how to set up a secure web server or securely configure Apache. These are not topics the book aims to address and have nothing to do with writing secure code. Also read John Viega's rebuttal if you have any doubts about the book.