View Larger Image	Neil Daswani, Anita Kesavan, Christoph Kern Apress, Paperback, Published February 2007, 300 pages, ISBN 1590597842
	List Price: $39.99 Our Price: $21.95 You Save: $18.04 (45% Off)
	Availability: In-Stock

People who purchase this book frequently purchase:

• Foundations of SQL Server 2005 Business Intelligence; Lynn Langit, $30.50, 39% Off!
• Pro WPF: Windows Presentation Foundation in .NET 3.0; Matthew MacDonald, $30.95, 38% Off!
• Pro WCF: Practical Microsoft SOA Implementation; Chris Peiris, et al, $30.50, 39% Off!
• Pro C# with the .NET 3.0, Special Edition; Andrew Troelsen, $36.95, 38% Off!

• Enterprise Computing : Security
• Programming : Software Development

• Apress

"Information Technology is for everyone, not just geeks. But that means security is everyone's business, as you will discover in the pages of this excellent book!"

-- Vinton G. Cerf - a Founding Father of the Internet

"This book serves as a great complement to the courses that make up the Stanford Center for Professional Development (SCPD) Security Certification Program. The book explains in detail how to defend against a wide range of attacks, and teaches principles of secure system design."

-- Dr. Dan Boneh, Associate Professor, Computer Science and Electrical Engineering, Stanford University

Foundations of Security: What Every Programmer Needs to Know teaches new and current software professionals state-of-the-art software security design principles, methodology, and concrete programming techniques they need to build secure software systems. Once you're enabled with the techniques covered in this book, you can start to alleviate some of the inherent vulnerabilities that make today's software so susceptible to attack. The book uses web servers and web applications as running examples throughout the book.

For the past few years, the Internet has had a "wild, wild west" flavor to it. Credit card numbers are stolen in massive numbers. Commercial web sites have been shut down by Internet worms. Poor privacy practices come to light and cause great embarrassment to the corporations behind them. All these security-related issues contribute at least to a lack of trust and loss of goodwill. Often there is a monetary cost as well, as companies scramble to clean up the mess when they get spotlighted by poor security practices.

It takes time to build trust with users, and trust is hard to win back. Security vulnerabilities get in the way of that trust. Foundations of Security: What Every Programmer Needs To Know helps you manage risk due to insecure code and build trust with users by showing how to write code to prevent, detect, and contain attacks.

• The lead author cofounded the Stanford Center for Professional Development Computer Security Certification.
• This book teaches you how to be more vigilant and develop a sixth sense for identifying and eliminating potential security vulnerabilities.
• You'll receive hands-on code examples for a deep and practical understanding of security.
• You'll learn enough about security to get the job done.

Table of Contents

Foreword
About the Authors
About the Technical Reviewer
Acknowledgments
Preface
PART 1 Security Design Principles
Chapter 1 Security Goals
Chapter 2 Secure Systems Design
Chapter 3 Secure Design Principles
Chapter 4 Exercises for Part 1
PART 2 Secure Programming Techniques
Chapter 5 Worms and Other Malware
Chapter 6 Buffer Overflows
Chapter 7 Client-State Manipulation
Chapter 8 SQL Injection
Chapter 9 Password Security
Chapter 10 Cross-Domain Security in Web Applications
Chapter 11 Exercises for Part 2

About the Authors

Neil Daswani has served in a variety of research, development, teaching, and managerial roles at Stanford University, Yodlee, and Bellcore (now Telcordia Technologies). His areas of expertise include software and network security, wireless data technology, and peer-to-peer systems. He has published extensively in these areas, frequently gives talks at industry and academic conferences, and has been granted three U.S. patents. He received a Ph.D. and a master's in computer science from Stanford University, and he currently works for Google. He earned a bachelor's in computer science with honors with distinction from Columbia University.

Christoph Kern is an information security engineer at Google and was previously a senior security architect at Yodlee, a provider of technology solutions to the financial services industry. He has extensive experience in performing security design reviews and code audits, designing and developing secure applications, and helping product managers and software engineers effectively mitigate security risks in their software products.

Anita Kesavan is a freelance writer and received her M.F.A. in creative writing from Sarah Lawrence College. She also holds a bachelor's in English from Illinois-Wesleyan University. She specializes in communicating complex technical ideas in simple, easy-to-understand language.

Forgot your password? FAQs Shipping Options Returns Your Orders Your Account