What This Book Does Not Cover
The following topics are outside the scope of this concise book. We
generally do not supply:
- Cookbook examples
Fine books have been written (and no doubt will continue to be
written) that provide the reader with detailed examples of how to
code securely in various programming languages. How can you open
files securely? We talk about it. How can you do better than Kerberos
4 (first release) at random-number generation? We explain the
problem. But we rarely show with a code excerpt how to do X in Y.
That goal—a worthy one—was not what we set out to do.
Indeed, we firmly believe that attempting to write secure software
using nothing but examples (however good they are), while lacking the
fundamental understanding of security we try to convey in this book,
would be akin to trying to cook a great gourmet meal armed with
nothing more than an ingredient list. While a great chef could
certainly do just that, most people couldn't. The
chef, you see, already has the fundamental skill of knowing how to
cook food properly.
- "How to [verb] the net-[noun] in [vendor-name] [product-name]"
You will find very few references here to specific operating systems,
products, or utilities. Unless we need to clarify a concept, we avoid
that territory. For one reason, it dates quickly. For another, there
are many good books and magazines available already that fill that
need. Most importantly, we believe that such specifics would distract
you (and us) from the reflective thinking we all
need to do.
- In-depth application design issues
We agree that there is a need for a set of in-depth design guidelines
and case studies spanning the entire development cycle of
today's complex multitiered applications. Some of
the topics might include the use of application service providers,
discovery services, identity federation, single sign-on, and shared
servers. We didn't take on that job, as we think it
would require many more volumes to do it justice. We also have not
tackled some recent complications in the network environment such as
the emerging ubiquity of wireless communications.
- Vulnerability exploit examples
While we discuss numerous software vulnerabilities in this book, we
don't provide examples (well, we made one exception)
of how to exploit them.