Advance Praise for Building Secure Software
“John and Gary offer a refreshing perspective on computer security.
Do it right the first time and you won’t have to fix it later. A radical
concept in today’s shovelware world! In an industry where major
software vendors confuse beta testing with product release, this
book is a voice of sanity. A must-read!”
—Marcus J. Ranum, Chief Technology Officer,
NFR Security, Inc. and author of Web Security Sourcebook
“System developers: Defend thy systems by studying this book, and
cyberspace will be a better place.”
—Fred Schneider, Professor of Computer Science,
Cornell University and author of Trust in Cyberspace
“Time and time again security problems that we encounter come
from errors in the software. The more complex the system, the
harder and more expensive it is to find the problem. Following the
principles laid out in Building Secure Software will become more
and more important as we aim to conduct secure and reliable
transactions and continue to move from the world of physical
identification to the world of digital identification. This book is
well written and belongs on the shelf of anybody concerned with
the development of secure software.”
—Terry Stanley, Vice President, Chip Card Security,
MasterCard International
“Others try to close the door after the intruder has gotten in, but
Viega and McGraw begin where all discussions on computer security
should start: how to build security into the system up front. In
straightforward language, they tell us how to address basic security priorities.”
—Charlie Babcock, Interactive Week
“Application security problems are one of the most significant categories
of security vulnerabilities hampering e-commerce today. This book
tackles complex application security problems—such as buffer
overflows, race conditions, and implementing cryptography—in a
manner that is straightforward and easy to understand. This is a must-have
book for any application developer or security professional.”
—Paul Raines, Global Head of Information Risk Management,
Barclays Capital and Columnist, Software Magazine
“Viega and McGraw have finally written the book that the technical
community has been clamoring for. This is a refreshing view of how
to build secure systems from two of the world’s leading experts. Their
risk management approach to security is a central theme throughout
the book. Whether it’s avoiding buffer overflows in your code, or
understanding component integration and interaction, this book offers
readers a comprehensive, hype-free guide. The authors demonstrate
that understanding and managing risks is an important component
to any systems project. This well written book is a must read for
anyone interested in designing, building, or managing systems.”
—Aviel D. Rubin, Ph.D., Principal Researcher, AT&T Labs
and author of White-Hat Security Arsenal
and Web Security Sourcebook
“About Time!”
—Michael Howard, Secure Windows Initiative,
Microsoft Windows XP Team
“For information security, doing it right seems to have become a
lost art. This book recaptures the knowledge, wisdom, principles,
and discipline necessary for developing secure systems, and also
inspires similar efforts for reliability and good software engineering
practice.”
—Peter G. Neumann, author of Computer Related Risks
and Moderator of RISKS digest
“John Viega and Gary McGraw have put together a tremendously
useful handbook for anyone who is designing or implementing soft-
ware and cares about security. In addition to explaining the concepts
behind writing secure software, they’ve included lots of specific infor-
mation on how to build software that can’t be subverted by attackers,
including extensive explanations of buffer overruns, the plague of
most software. Great pointers to useful tools (freeware and other-
wise) add to the practical aspects of the book. A must-read for
anyone writing software for the Internet.”
—Jeremy Epstein, Director, Product Security & Performance,
webMethods
“Security is very simple: Only run perfect software. Perfection
being infeasible, one must seek practical alternatives, or face
chronic security vulnerabilities. Viega and McGraw provide a
superb compendium of alternatives to perfection for the practical
software developer.”
—Crispin Cowan, Ph.D., Research Assistant Professor/Oregon
Graduate Institute, Co-founder/Chief Scientist, WireX
“While the rest of the world seems to deal with symptoms, few have
been able to go after the cause of most security problems: the design
and development cycles. People are taught insecure coding styles in
most major colleges. Many people have taken their understanding of
writing software for personal single user systems and thrust their
designs into networked interdependent environments. This is dangerous.
These frameworks quickly undermine the nation’s critical infrastructure
as well as most commercial organizations, and place the individual
citizen at risk. Currently most people need to be broken of their bad
habits and re-taught. It is my sincere hope that books like this one
will provide the attention and focus that this area deserves. After all,
this area is where the cure can be embodied. Users will not always play
nice with the system. Malicious attackers seldom do. Writing secure
code to withstand hostile environments is the core solution.”
—mudge, Chief Scientist and EVP of R&D, @stake
“Programming is hard. Programmers are expensive. Good program-
mers are rare and expensive. We need all the help, all the tools, and
all the discipline we can muster to make the job as easy and cheap as
possible. We are not there yet, but this book should help.”
—Bill Cheswick, Author of Firewalls and Internet Security
“It’s not bad.”
—Peter Gutmann, Auckland, New Zealand
From the Foreword of Building Secure Software:
“Building Secure Software is a critical tool in the understanding of
secure software. Viega and McGraw have done an excellent job of laying
out both the theory and practice of secure software design. Their book
is useful, practical, understandable, and comprehensive. The fact that
you have this book in your hands is a step in the right direction.
Read it, learn from it. And then put its lessons into practice.”
—Bruce Schneier, Chief Technology Officer, Counterpane
Internet Security and Author of Applied Cryptography
and Secrets and Lies
Building Secure Software
Addison-Wesley Professional Computing Series
Brian W. Kernighan, Consulting Editor
Matthew H. Austern, Generic Programming and the STL: Using and Extending the C++ Standard Template Library
David R. Butenhof, Programming with POSIX® Threads
Brent Callaghan, NFS Illustrated
Tom Cargill, C++ Programming Style
William R. Cheswick/Steven M. Bellovin/Aviel D. Rubin, Firewalls and Internet Security, Second Edition: Repelling
the Wily Hacker
David A. Curry, UNIX® System Security: A Guide for Users and System Administrators
Stephen C. Dewhurst, C++ Gotchas: Avoiding Common Problems in Coding and Design
Dan Farmer/Wietse Venema, Forensic Discovery
Erich Gamma/Richard Helm/Ralph Johnson/John Vlissides, Design Patterns: Elements of Reusable Object-
Oriented Software
Erich Gamma/Richard Helm/Ralph Johnson/John Vlissides, Design Patterns CD: Elements of Reusable Object-
Oriented Software
Peter Haggar, Practical Java™ Programming Language Guide
David R. Hanson, C Interfaces and Implementations: Techniques for Creating Reusable Software
Mark Harrison/Michael McLennan, Effective Tcl/Tk Programming: Writing Better Programs with Tcl and Tk
Michi Henning/Steve Vinoski, Advanced CORBA® Programming with C++
Brian W. Kernighan/Rob Pike, The Practice of Programming
S. Keshav, An Engineering Approach to Computer Networking: ATM Networks, the Internet, and the Telephone Network
John Lakos, Large-Scale C++ Software Design
Scott Meyers, Effective C++ CD: 85 Specific Ways to Improve Your Programs and Designs
Scott Meyers, Effective C++, Third Edition: 55 Specific Ways to Improve Your Programs and Designs
Scott Meyers, More Effective C++: 35 New Ways to Improve Your Programs and Designs
Scott Meyers, Effective STL: 50 Specific Ways to Improve Your Use of the Standard Template Library
Robert B. Murray, C++ Strategies and Tactics
David R. Musser/Gillmer J. Derge/Atul Saini, STL Tutorial and Reference Guide, Second Edition:
C++ Programming with the Standard Template Library
John K. Ousterhout, Tcl and the Tk Toolkit
Craig Partridge, Gigabit Networking
Radia Perlman, Interconnections, Second Edition: Bridges, Routers, Switches, and Internetworking Protocols
Stephen A. Rago, UNIX® System V Network Programming
Eric S. Raymond, The Art of UNIX Programming
Marc J. Rochkind, Advanced UNIX Programming, Second Edition
Curt Schimmel, UNIX® Systems for Modern Architectures: Symmetric Multiprocessing and Caching for Kernel Programmers
W. Richard Stevens, TCP/IP Illustrated, Volume 1: The Protocols
W. Richard Stevens, TCP/IP Illustrated, Volume 3: TCP for Transactions, HTTP, NNTP, and the UNIX®
Domain Protocols
W. Richard Stevens/Bill Fenner/Andrew M. Rudoff, UNIX Network Programming Volume 1, Third Edition: The
Sockets Networking API
W. Richard Stevens/Stephen A. Rago, Advanced Programming in the UNIX® Environment, Second Edition
W. Richard Stevens/Gary R. Wright, TCP/IP Illustrated Volumes 1-3 Boxed Set
John Viega/Gary McGraw, Building Secure Software: How to Avoid Security Problems the Right Way
Gary R. Wright/W. Richard Stevens, TCP/IP Illustrated, Volume 2: The Implementation
Ruixi Yuan/W. Timothy Strayer, Virtual Private Networks: Technologies and Solutions
Visit www.awprofessional.com/series/professionalcomputing for more information about these titles.
Building Secure Software
How to Avoid
Security Problems
the Right Way
John Viega
Gary McGraw
Boston • San Francisco • New York • Toronto • Montreal
London • Munich • Paris • Madrid • Capetown
Sydney • Tokyo • Singapore • Mexico City
Many of the designations used by manufacturers and sellers to
distinguish their products are claimed as trademarks. Where those
designations appear in this book, and we were aware of a trademark
claim, the designations have been printed in initial capital letters or
in all capitals.
The authors and publisher have taken care in the preparation of this
book, but make no expressed or implied warranty of any kind and
assume no responsibility for errors or omissions. No liability is
assumed for incidental or consequential damages in connection with
or arising out of the use of the information or programs contained
herein.
Copyright © 2002 by Addison-Wesley
All rights reserved. No part of this publication may be reproduced,
stored in a retrieval system, or transmitted, in any form or by any
means, electronic, mechanical, photocopying, recording, or otherwise,
without the prior consent of the publisher. Printed in the United States
of America. Published simultaneously in Canada.
The publisher offers discounts on this book when ordered in quantity
for special sales. For more information, please contact:
U.S. Corporate and Government Sales
(800) 382-3419
[email protected]
Visit us on the Web at www.awprofessional.com
Library of Congress Cataloging-in-Publication Data
Viega, John.
Building secure software : how to avoid security problems the
right way / Viega, John, McGraw, Gary.
p. cm.
Includes bibliographical references and index.
ISBN 0-201-72152-X
1. Computer software—Development. 2. Computer security.
3. System design. I. McGraw, Gary, 1966– II. Title.
QA76.76.D47 V857 2001
005.1—dc21 2001046055
ISBN 0-201-72152-X
Text printed in the United States on recycled paper at RR Donnelley Crawfordsville in Crawfordsville, Indiana.
9th Printing June 2008
To our children
Emily and Molly
and
Jack and Eli