Information Technology is for everyone, not just geeks. But that means security is everyone's business,
as you will discover in the pages of this excellent book!
� Vinton G. Cerf - a Founding Father of the Internet
This book serves as a great complement to the courses that make up the Stanford Center for Professional Development
(SCPD) Security Certification Program. The book explains in detail how to defend against a wide range of attacks,
and teaches principles of secure system design.
� Dr. Dan Boneh, Associate Professor, Computer Science and Electrical Engineering, Stanford University
Foundations of Security: What Every Programmer Needs to Know teaches new and current software professionals state-of-the-art
software security design principles, methodology, and concrete programming techniques they need to build secure
software systems. Once youre enabled with the techniques covered in this book, you can start to alleviate some
of the inherent vulnerabilities that make todays software so susceptible to attack. The book uses web servers and
web applications as running examples throughout the book.
For the past few years, the Internet has had a "wild, wild west" flavor to it. Credit card numbers are
stolen in massive numbers. Commercial web sites have been shut down by Internet worms. Poor privacy practices come
to light and cause great embarrassment to the corporations behind them. All these security-related issues contribute
at least to a lack of trust and loss of goodwill. Often there is a monetary cost as well, as companies scramble
to clean up the mess when they getspotlighted by poor security practices.
It takes time to build trust with users, and trust is hard to win back. Security vulnerabilities get in the way
of that trust. Foundations of Security: What Every Programmer Needs To Know helps you manage risk due to insecure
code and build trust with users by showing how to write code to prevent, detect, and contain attacks.
* The lead author cofounded the Stanford Center for Professional Development Computer Security Certification.
* This book teaches you how to be more vigilant and develop a sixth sense for identifying and eliminating potential
security vulnerabilities.
* Youll receive hands-on code examples for a deep and practical understanding of security.
* Youll learn enough about security to get the job done.