Secure by Design is a book about security that comes with a different twist than regular security books. Instead of taking the classical approach, where security is the main focus, it makes software design its primary concern. This might sound a bit odd at first, but when you realize that security flaws are often caused by poor design, then the approach of looking at security from a design perspective becomes much more appealing. Because, what if a fair amount of security vulnerabilities could be avoided using good design and best practices? Then it would certainly revolutionize how we look at software development and justify why you need to make certain design choices.

Exploring how software design relates to software security is therefore the main objective of this book. This, in turn, means that you won’t find discussions about classical security topics like buffer overflows, weaknesses in cryptographic hash functions, or which authentication method to use. Instead, you’ll learn why certain design choices matter for security and how to use them to craft secure software from the inside out.

Who should read this book

Secure by Design is a book primarily written for software developers, but it can be read by anyone with a technical background and interest in security. What’s important when reading this book is that you feel comfortable reading C-like syntax and have basic programming skills in a language such as Java or C#. Examples and best practices are all presented in a way that makes them relevant, regardless of your experience level, because learning how to design secure code is important to everyone, no matter if you’re a junior developer or an experienced architect. Reading Secure by Design is therefore a good idea if you want to improve your overall programming skills or need to make an existing codebase more secure. The book is also suitable as lecture material at universities or to be read in study groups.

How this book is organized: A roadmap

This book is divided into three parts and 14 chapters. The first two parts end with an intermission that tells a story about security flaws that could have been avoided using the concepts in this book. The intermissions are based on real cases we’ve worked on during our careers and serve as mini-case studies, as well as being a good read.

Part 1 introduces you to the concepts of this book and why we believe they are an effective approach to creating secure software.

• Chapter 1—Teaches you how design can drive software security and how it can enable you to create secure software with ease. It also contains an appetizing example of how a security flaw can be prevented through a secure by design mindset.
• Chapter 2—Is an intermission about how a weak software design caused significant economic loss. The security weaknesses in this case study could have been avoided if the concepts presented in part 2 had been utilized.

Part 2 is about the fundamental concepts that makes up the foundation of secure by design. The chapters are roughly laid out so that they start with concepts close to the code and then move up to higher abstraction levels. Some chapters build on previous ones, so it makes sense to read them in the order presented. You’re free to read these in any order you want, of course, but if you run into concepts or terms you don’t really understand, you might want to go back to previous chapters to read up on them.

• Chapter 3—Teaches you some of the core concepts of Domain-Driven Design (DDD). The concepts discussed are essential for understanding many of the ideas of secure by design. The ideas and the terminology you learn in this chapter are used extensively throughout the book, so if you’re not well-versed in DDD, we recommend you start with this chapter.
• Chapter 4—Introduces you to some code constructs that are important for security. It talks about the benefits of immutability and failing fast and how you can perform data validation in a secure way.
• Chapter 5—Discusses domain primitives and how they form the foundation of secure code. It also teaches you about the benefits of read-once objects and how domain primitives are the foundation for creating secure entities.
• Chapter 6—Talks about the basics of creating secure entities: how you can ensure that entities are consistent upon creation and how to protect the integrity of entities during their life cycle.
• Chapter 7—Continues with the topic of entities and teaches you different approaches to handle the inherent complexity that comes with them.
• Chapter 8—Shows you how you can use your delivery pipeline to enhance and verify the security of software. It also discusses some of the challenges when automating security testing.
• Chapter 9—Teaches you how to deal with failures and errors without compromising security. In addition to that, you’ll also explore some ways to mitigate failures through design.
• Chapter 10—Describes how popular design principles used in cloud environments can be used to increase the security of your systems, even though the design principles were originally developed for other purposes.
• Chapter 11—Another intermission, relating how a system built with a service-oriented architecture ended up being broken even though none of the individual services were. The story is a real-life example of the unique security challenges that you’ll face when building a system of systems. These challenges are discussed further in part 3 of the book.

Part 3 discusses how to apply what you’ve learned in part 2. You’ll learn how to spot common security issues and how you can use secure by design concepts to address them.

• Chapter 12—Looks at design patterns and code constructs that are problematic from a security perspective and that are common in legacy code. You’ll learn how to spot them and how to fix them.
• Chapter 13—Goes into the (sometimes subtle) challenges that come with microservice architectures and how they can be addressed using secure software design.
• Chapter 14—Discusses the importance of explicitly thinking about security every now and then. It also gives you some hints about important areas to address when creating secure software systems.

About the code

The concepts in this book are language agnostic, but we’ve chosen to use Java as the programming language for all code examples, partly because it’s one of the most commonly used programming languages, but also because its C-style syntax should be readable by any developer. The purpose of the code is to showcase certain concepts, not to be fully runnable examples. We’ve tried to make the code look as close as possible to what you’d write in real life. At the same time, there’s always a need to remove any distractions that could interfere with the teaching. This means we’ve sometimes omitted parts of methods and classes to improve clarity.

Another convention used in this book is that names of test methods (as in JUnit @Test annotated methods) are always written in snake case. The reason for this is readability. When using a behavior-driven development (BDD) style to express tests (as we often like to do), the names of the test methods tend to become long sentences—using proper grammar and being understandable by others than just developers. Very long method names become almost unreadable when using camel case. Snake case solves that problem. All other method and class names use camel case, which is the standard naming convention in Java.

This book contains many examples of source code, both in numbered listings and in line with normal text. In both cases, source code is formatted in a fixed-width font like this to separate it from ordinary text.

In many cases, the original source code has been reformatted; we’ve added line breaks and reworked indentation to accommodate the available page space in the book. Additionally, comments in the source code have often been removed from the listings when the code is described in the text. Code annotations accompany many of the listings, highlighting important concepts.

The code for the examples in this book is available for download from the Manning website at https://www.manning.com/books/secure-by-design.

liveBook discussion forum

Purchase of Secure by Design includes free access to a private web forum run by Manning Publications where you can make comments about the book, ask technical questions, and receive help from the authors and from other users. To access the forum, go to https://livebook.manning.com/#!/book/secure-by-design/discussion. You can also learn more about Manning’s forums and the rules of conduct at https://livebook.manning.com/#!/discussion.

Manning’s commitment to our readers is to provide a venue where a meaningful dialogue between individual readers and between readers and the authors can take place. It is not a commitment to any specific amount of participation on the part of the authors, whose contribution to the forum remains voluntary (and unpaid). We suggest you try asking the authors some challenging questions lest their interest stray! The forum and the archives of previous discussions will be accessible from the publisher’s website as long as the book is in print.