Organization of This Book

Organization of This Book

The book is divided into five parts. Chapters 1 through 4 make up Part I, Contemporary Security, and outline the reasons why systems should be secured from attack and guidelines and analysis techniques for designing such systems.

The meat of the book is in Parts II and III. Part II, Secure Coding Techniques, encompassing Chapters 5 through 14, outlines critical coding techniques that apply to almost any application. Part III, Even More Secure Coding Techniques, includes four chapters (Chapters 15 through 18) that focus on networked applications and .NET code.

Part IV, Special Topics, includes six chapters (Chapters 19 through 24) that cover less-often-discussed subjects, such as testing, performing security code reviews, privacy, and secure software installation. Chapter 23 includes general guidelines that don't fit in any single chapter.

Part V, Appendixes, includes five appendixes covering dangerous APIs, ridiculous excuses we've heard for not considering security, and security checklists for designers, developers and testers.

Unlike the authors of a good many other security books, we won't just tell you how insecure applications are and moan about people not wanting to build secure systems. This book is utterly pragmatic and, again, relentlessly practical. It explains how systems can be attacked, mistakes that are often made, and, most important, how to build secure systems. (By the way, look for margin icons, which indicate security-related anecdotes.)