Secure Coding: Principles and Practices Review by Rommel Garcia
Book is great but doesn't conform to its title
I am not an information security expert, nor one by profession, but I have been preparing myself to enter this interesting field for some time now, and this is the first book I bought related to information security. The general review of this book before I got it was great, so I gave it a shot.
For somebody interested in learning information security as a whole, this is a great book to start with. For the most part it covers the management side of the subject, explaining in detail how important it is to operate the business under well-defined secure procedures and/or policies and to ensure people are aware of their role in enforcing security. I thought the case studies were excellent and were very helpful in tying in what methods and principles were applied to achieve the "just secure enough" paradigm. The "mental model" was interesting, and I do believe that it helps set the right frame of mind from the very beginning of designing and implementing a secure project till completion.
I do have a Process Engineering background, and checklists are heavily used by operators and technicians; they helped them prevent a lot of product defects in the production line. Checklists will keep you focused on producing a high-standard, great-quality product.
The title of the book says "Designing and Implementing Secure Applications, Secure Coding, Principles and Practices". This is misleading. I would say the book devoted only 1% of its total coverage to secure coding, showing some code and a technical diagram. But the information shared in this book teaches us to cultivate methods and principles for securing both applications and business organizations. Technology changes, so any book that focuses pretty much on low-level secure coding techniques or implementation will eventually be irrelevant several years later.
I will keep this book and will use it when the opportunity comes.