Secure Coding. Principles and Practices,
Mark Graff and Kenneth van Wyck
O'Reilly 2003, 2003.
ISBN 0-596-00242-4. Index, one appendix, 202 pages. $29.95.
Reviewed by Robert Bruen November 15, 2003
This is a surprisingly short book, especially given the propensity of publishers to put out books of 800 pages without hesitation. Do not be fooled by the size. The book is packed with ideas and suggestions to improve the design of secure code. There is no code in the book, one of the reasons for the size. Instead the focus is on thinking before you start coding, something that should be standard procedure.
Unlike the cookbook approach, the authors are up a level or two looking at the software development process itself. They break it down into initial architecture, design, coding and operation -- what is called the waterfall development methodology. The context is important because the process methodology can be a help or hindrance when trying to produce a software application or system. Any general software development methodology will have stages equivalent to requirements, design, code and test. What this the authors add to the mix is what should happen at the various stages to keep the final product secure.
We often hear the mantra that security can not be retrofitted, so here is how it should be fitted in the first place. While the book does not include vulnerabilities per se, there are examples of past vulnerabilities to clarify the consequences of not following security principles at each stage. This is a case of a small item becoming a huge problem later on. On example used as a mouse driver bug. The mouse driver, like any driver, needs privileges, in this to move the mouse around the display screen. The author was focused on making it work -- after all it was just the mouse. Malicious code was written to overflow the numbers which kept track of the position. Oops.
The authors have determined that rapid prototyping is not a good idea for production systems. Instead, real engineering is required. If you do not understand this, reading the book will be helpful. They also deal with the problem of existing applications that perhaps cannot be rewritten or fixed easily. The idea of using wrappers is not new, but it is one of the many suggestions offered throughout the book to improve operations. Wrappers, in general, filter input and access to existing code to prevent insecure code from being attacked. The code for one wrapper is one the few code examples in the book.
Asking questions at the various stages is a key activity when systems of any kind are under development. This seems to be a lost art these days. Sometimes questions are few or not asked at all and sometimes the right questions are not asked. Throughout the book, lists of questions are offered to assist at each phase. While security is not achieved through a checklist, such a list should be an integral part of the development process. Any pilot I know uses a checklist before flying a plane. The list does not fly the plane, but its value is obvious.
The book is a easy and quick read. It was not intended as a deep level technical text. It does provide a number of real world examples that are enlightening and entertaining. The number of books available on secure coding is a small, but growing list. Thankfully, most are worthwhile, even if there are a few flaws here and there. Secure Coding Principles and Practices is a welcome addition to the collection. Definitely recommended reading.