Organization of This Book

Organization of This Book

The book is divided into five parts. Chapter 1, The Need for Secure Systems, and Chapter 2, Designing Secure Systems, make up Part I, Contemporary Security, and outline the reasons why systems should be secured from attack and the guidelines and analysis techniques for designing such systems.

The meat of the book is in Parts II and III. Part II, Secure Coding Techniques, encompassing Chapters 3 through 8, outlines critical coding techniques that apply to almost any application.

Part III, Network-Based Application Considerations, includes four chapters (Chapters 9 through 12) that focus on networked applications, including Web-based applications.

Part IV, Special Topics, includes three chapters (Chapters 13 through 15) that cover less-often-discussed subjects, including security in .NET applications, testing, and secure software installation. Chapter 16 includes general guidelines that don t fit in any single chapter.

Part V, Appendixes, includes four appendixes covering sundry other matters, including dangerous APIs and the lame excuses we ve heard for not considering security!

Michael wrote Chapters 1, 2, 4 8, and 12 14. David wrote Chapters 3, 9, 11, and 15. Both authors crafted Chapters 10 and 16.

As a final note, unlike the authors of a good many other security books, we won t just tell you how insecure applications are and moan about people not wanting to build secure systems. This book is utterly pragmatic and, again, relentlessly practical. It explains how systems can be attacked, mistakes that are often made, and, most important, how to build secure systems.