UKUUG (the UK's Unix & Open Systems User Group)
Secure Coding: Principles and Practices Mark G Graff and Kenneth R van Wyk
Published by O'Reilly Media
224 pages
£ 20.95
Published: 4th July 2003
reviewed by Ray Miller in the June 2004 issue

This slim volume contains a wealth of information that will be of interest not only to software developers, but to anyone responsible for the deployment and operation of computer systems. Indeed, if I had one complaint about the book it would be that the title is misleading: it is not so much about secure coding as about the overall software development process, and relatively little is said about coding per se. But do not let this put you off; programmers will benefit from reading this book too.

The first chapter gives an overview of security vulnerabilities, covering different types of attack; how vulnerabilities arise; who might want to exploit them; and how we can defend our systems.

Further chapters cover different aspects of the software development process: architecture, design, implementation, and testing. Every chapter contains useful information and practical advice, and the authors draw on their extensive experience to back this up with examples and case studies.

They advocate a holistic approach to security: you cannot work around design errors at implementation time, and the best design and implementation can be laid waste by poor operations procedures. This theme permeates the book and is reinforced by the chapter on operations, which emphasises the importance of providing a secure environment for running a business application.

Most chapters also include sections on good practices and bad practices. I found that these conveyed information effectively, particularly where they drew attention to failings in my own organization.

The book is concise, with clear explanations of new concepts. Ideas are further clarified through the case studies, which add real-world interest to the book. To top it all, an appendix extending to 10 pages lists further resources.

In the preface, the authors remark that they want the book to "be _read_". They have certainly succeeded in producing a very readable volume, and I encourage my fellow software developers and systems administrators to go out and read it. As for myself, I shall be making time to follow up the resources - and putting some of these principles into practice on my own systems.

Page last modified 02 Apr 2007
Copyright © 1995-2011 UKUUG Ltd.