What do you think?
Rate this book
Designing Secure Software: A Guide for Developers
What every software professional should know about security.
Designing Secure Software consolidates Loren Kohnfelder’s more than twenty years of experience into a concise, elegant guide to improving the security of technology products. Written for a wide range of software professionals, it emphasizes building security into software design early and involving the entire team in the process.
The book begins with a discussion of core concepts like trust, threats, mitigation, secure design patterns, and cryptography. The second part, perhaps this book’s most unique and important contribution to the field, covers the process of designing and reviewing a software design with security considerations in mind. The final section details the most common coding flaws that create vulnerabilities, making copious use of code snippets written in C and Python to illustrate implementation vulnerabilities.
You’ll learn how to:
• Identify important assets, the attack surface, and the trust boundaries in a system
• Evaluate the effectiveness of various threat mitigation candidates
• Work with well-known secure coding patterns and libraries
• Understand and prevent vulnerabilities like XSS and CSRF, memory flaws, and more
• Use security testing to proactively identify vulnerabilities introduced into code
• Review a software design for security flaws effectively and without judgment
Kohnfelder’s career, spanning decades at Microsoft and Google, introduced numerous software security initiatives, including the co-creation of the STRIDE threat modeling framework used widely today. This book is a modern, pragmatic consolidation of his best practices, insights, and ideas about the future of software.
Designing Secure Software consolidates Loren Kohnfelder’s more than twenty years of experience into a concise, elegant guide to improving the security of technology products. Written for a wide range of software professionals, it emphasizes building security into software design early and involving the entire team in the process.
The book begins with a discussion of core concepts like trust, threats, mitigation, secure design patterns, and cryptography. The second part, perhaps this book’s most unique and important contribution to the field, covers the process of designing and reviewing a software design with security considerations in mind. The final section details the most common coding flaws that create vulnerabilities, making copious use of code snippets written in C and Python to illustrate implementation vulnerabilities.
You’ll learn how to:
• Identify important assets, the attack surface, and the trust boundaries in a system
• Evaluate the effectiveness of various threat mitigation candidates
• Work with well-known secure coding patterns and libraries
• Understand and prevent vulnerabilities like XSS and CSRF, memory flaws, and more
• Use security testing to proactively identify vulnerabilities introduced into code
• Review a software design for security flaws effectively and without judgment
Kohnfelder’s career, spanning decades at Microsoft and Google, introduced numerous software security initiatives, including the co-creation of the STRIDE threat modeling framework used widely today. This book is a modern, pragmatic consolidation of his best practices, insights, and ideas about the future of software.
- GenresProgrammingSoftware
312 pages, Kindle Edition
Published October 19, 2021
10 people are currently reading
136 people want to read
Ratings & Reviews
Friends & Following
Create a free account to discover what your friends think of this book!
Community Reviews
Displaying 1 - 10 of 10 reviews
October 9, 2021
Software security is an important yet neglected issue. Most developers will immediately recognize its importance because, with the Internet, so much of the computing infrastructure (the “surface”) is vulnerable to attack. Yet it’s simultaneously neglected because it relies on mastering the unknown – an unsurmountable topic. Reviewing security issues in one’s own code is often a painful process, much like reading an editor’s notes on one’s own writing. Into this ongoing conversation, Kohnfelder, a developer with around 50 years of experience in computing and (an impressive) 20 focused on cybersecurity, interjects an update that comprehensively covers concepts important for the present and the future.
This book indeed mostly addresses ideas and contains few code examples. This correlates with its main contention – that security issues need to be first addressed in the design process. The Internet was designed as an open system for exchange, and security was more of an afterthought. In today’s world, where even computers in our pockets are open to a potentially dangerous web, developers and designers of software need to think through securing software on their own.
Kohnfelder divides this book into three sections: Concepts, Design, and Implementation. He deftly moves from the big picture into pragmatics and back again. He discusses the high points of cybersecurity history and their implications for today’s coding efforts. In the conclusion, he even points to important current trends that might have impact in the near future.
I particularly appreciated his section on encryption. He addresses cryptography in an accessible way. In contrast to many works in the field that focus on mathematics or technical detail, he presents the big picture with keywords that can be researched more in-depth. While completing his PhD from MIT in 1978, he focused his research on RSA cryptography, and his clarity of thought shows well when talking about this subject.
Obviously, this book addresses software developers and designers, but it also has potential impact for those involved anywhere in the production of software. IT project managers in particular can benefit from this concept-heavy presentation because they need not wade into the waters of code. It provides a healthy update to the ongoing and unending conversation around cybersecurity. I hope to use some of the insights gleaned from the field of this book into my own software efforts. Upcoming developers would do well to learn from the teachings of this grand master.
This book indeed mostly addresses ideas and contains few code examples. This correlates with its main contention – that security issues need to be first addressed in the design process. The Internet was designed as an open system for exchange, and security was more of an afterthought. In today’s world, where even computers in our pockets are open to a potentially dangerous web, developers and designers of software need to think through securing software on their own.
Kohnfelder divides this book into three sections: Concepts, Design, and Implementation. He deftly moves from the big picture into pragmatics and back again. He discusses the high points of cybersecurity history and their implications for today’s coding efforts. In the conclusion, he even points to important current trends that might have impact in the near future.
I particularly appreciated his section on encryption. He addresses cryptography in an accessible way. In contrast to many works in the field that focus on mathematics or technical detail, he presents the big picture with keywords that can be researched more in-depth. While completing his PhD from MIT in 1978, he focused his research on RSA cryptography, and his clarity of thought shows well when talking about this subject.
Obviously, this book addresses software developers and designers, but it also has potential impact for those involved anywhere in the production of software. IT project managers in particular can benefit from this concept-heavy presentation because they need not wade into the waters of code. It provides a healthy update to the ongoing and unending conversation around cybersecurity. I hope to use some of the insights gleaned from the field of this book into my own software efforts. Upcoming developers would do well to learn from the teachings of this grand master.
December 18, 2023
This is a great read for software developers that want to write more secure code. Above all, there is one central principle: Trust your framework (Rails, Django, .NET). If you are building your CSRF controls yourself, for instance, you're probably doing it wrong. You should get a lot of controls right out of the box (unless you're failing to upgrade the version of your framework . . .).
One thing I especially liked was Chapter 12, which provides guidance for automated security tests. Basically, your test-driven-development practices should also create tests for security.
The book is quite good on what constitutes a security design review (SDR) document, and also goes over some of the tone a good security engineer should use when communicating with development teams: The author says that you should provide options. Exactly so.
The book goes into some detail for problems like XSS and CSRF, but I think the book is going to be updated periodically to provide insights into the problems du jour. For instance, just in the last couple of years, CSPs have become more important, as well as the whole process of ensuring secure authentication and authorization (e.g., how to use your JWTs properly).
Another thing missing here is the whole ecosystem of tooling. It's pretty clear that the author didn't want to mention specific vendors, but in this book you'd never know that a lot of automation exists (e.g., dependency checkers like Dependabot; SAST tools like Semgrep; etc.).
One thing I especially liked was Chapter 12, which provides guidance for automated security tests. Basically, your test-driven-development practices should also create tests for security.
The book is quite good on what constitutes a security design review (SDR) document, and also goes over some of the tone a good security engineer should use when communicating with development teams: The author says that you should provide options. Exactly so.
The book goes into some detail for problems like XSS and CSRF, but I think the book is going to be updated periodically to provide insights into the problems du jour. For instance, just in the last couple of years, CSPs have become more important, as well as the whole process of ensuring secure authentication and authorization (e.g., how to use your JWTs properly).
Another thing missing here is the whole ecosystem of tooling. It's pretty clear that the author didn't want to mention specific vendors, but in this book you'd never know that a lot of automation exists (e.g., dependency checkers like Dependabot; SAST tools like Semgrep; etc.).
November 4, 2024
One could form the opinion that this book seems superficial and redundant. It doesnt provide any big silverbullet ideas and reiterates many known workflows already utilized by developers.
But this is exactly why this book is so important. I.e. bugs ARE security vulnerabilities. I've never explicitly thought about it that way. And the possibility that you could chain seemingly harmless bugs to get a big vulnerability was unheard of.
The book highlights where extra caution is necessary in the every day life of a developer to make the software just a bit more secure every time your mind crosses paths with the thought of this book.
Security is not this one thing we need to do, it is a continous very integratable process that we just never really bother to explicitly account for.
But this is exactly why this book is so important. I.e. bugs ARE security vulnerabilities. I've never explicitly thought about it that way. And the possibility that you could chain seemingly harmless bugs to get a big vulnerability was unheard of.
The book highlights where extra caution is necessary in the every day life of a developer to make the software just a bit more secure every time your mind crosses paths with the thought of this book.
Security is not this one thing we need to do, it is a continous very integratable process that we just never really bother to explicitly account for.
December 29, 2021
Excellent top-down introduction into secure software development. The book focuses more upon concepts and the big-picture than on low-level exploits. This is perfectly fine in my opinion as low-level exploits changes over time while the big-picture stays the same. You might want to use this book for high-level guidance and use additional material such as the OWASP OTG for low-level testing techniques.
The book uses wonderful analogies, I will steal some of them (e.g., beaming as a analogy for serialization). Will recommend this book to students of mine.
The book uses wonderful analogies, I will steal some of them (e.g., beaming as a analogy for serialization). Will recommend this book to students of mine.
January 2, 2025
This book is a guide for software professionals who want to better understand concepts essential to the discipline of software security. You can consider it as a first step in software security!
The most of the book is about topics that you can find in other security books. For example, minimize attack surfaces, narrow Windows of vulnerability, minimize data exposure and etc. are some topics that author talks about them. There was some new information about software security and new kind of attacks and vulnerabilities that I had never heard about them until now.
The most of the book is about topics that you can find in other security books. For example, minimize attack surfaces, narrow Windows of vulnerability, minimize data exposure and etc. are some topics that author talks about them. There was some new information about software security and new kind of attacks and vulnerabilities that I had never heard about them until now.
July 3, 2022
Great book for generalists
This is very good book to learn what secure software development is. Easy to read and contemporary by topics. It doesnt require any technical expertise while reading.
This is very good book to learn what secure software development is. Easy to read and contemporary by topics. It doesnt require any technical expertise while reading.
December 3, 2022
Excellent!
From beginning to end, really an amazing book. I'd recommend this book for literally every software engineer out there, including software engineering teams to read!
From beginning to end, really an amazing book. I'd recommend this book for literally every software engineer out there, including software engineering teams to read!
February 26, 2024
Was useful. Will reference in the future.
August 19, 2024
Compact, dense and concise, I now consider this an essential read for anyone entering the software industry. Not necessarily developers even.
December 3, 2024
This is one of the best books on developing and designing secure and resilient software that I've read. It's broad across the SDL and deep in the right places.
Displaying 1 - 10 of 10 reviews