Designing Secure Software
A Guide for Developers
Loren Kohnfelder, the original PKI author, on how to weave security thinking through requirements, design, implementation and operations rather than bolt it on at the end.
As an Amazon Associate we earn from qualifying purchases. The link above is sponsored.
- Authors
- Loren Kohnfelder
- Published
- 2021
- Publisher
- No Starch Press
- Pages
- 312
- Language
- English
Read this if
Senior developers and architects who already write code well and now want to design systems that don't ship CVEs. Kohnfelder is the author who literally wrote the X.509 paper; the book is a career's worth of design wisdom in 312 pages.
Skip this if
Beginners or readers wanting hands-on tooling. The book is design-level: principles, patterns, and case studies. Pair with implementation-level books for the line-of-code view.
Key takeaways
- Secure-by-design is mostly avoided pitfalls; the book's enumeration of common-but-fatal mistakes is the cleanest mental checklist a designer can carry.
- Trust boundaries are the single most useful concept in secure design; the book teaches you to see them in any architecture.
- Most security debates inside engineering organizations resolve to a handful of repeated trade-offs (defense in depth vs. simplicity, blocking vs. logging, fail-open vs. fail-closed); the book names them and provides the language for the conversation.
Notes
Pair with Threat Modeling (Shostack) for the process side and Security Engineering (Anderson) for the systems-level case studies. Kohnfelder invented STRIDE in 1999; the book is the considered, mature view that emerged from twenty years of using it. The most underrated security book of the past five years.
What to read before
What to read before Designing Secure Software →Intermediate · 2014
Threat Modeling
Adam Shostack's practitioner-oriented introduction to threat modeling: STRIDE, attack trees, and how to fit the practice into a real software-development lifecycle.
Beginner · 2020
Web Security for Developers
Malcolm McDonald's developer-side primer on the OWASP-class issues, framed around real attacks and defended with code patterns rather than vendor products.
Beginner · 2019
Foundations of Information Security
Jason Andress' compact tour of the field: confidentiality / integrity / availability, identification and authentication, network and OS controls, written for newcomers and adjacent disciplines.
What to read next
What to read after Designing Secure Software →Intermediate · 2014
Threat Modeling
Adam Shostack's practitioner-oriented introduction to threat modeling: STRIDE, attack trees, and how to fit the practice into a real software-development lifecycle.
Intermediate · 2010
Cryptography Engineering
A working engineer's introduction to cryptography that takes implementation pitfalls more seriously than most.
Advanced · 2020
Building Secure and Reliable Systems
Google's site-reliability and security teams jointly write down what it actually takes to build systems that are both safe and dependable, from threat models and design reviews to rollback culture and crisis response.
Explore similar books
Alternatives to Designing Secure Software →Intermediate · 2014
Threat Modeling
Adam Shostack's practitioner-oriented introduction to threat modeling: STRIDE, attack trees, and how to fit the practice into a real software-development lifecycle.
Intermediate · 2010
Cryptography Engineering
A working engineer's introduction to cryptography that takes implementation pitfalls more seriously than most.
Intermediate · 2021
Real-World Cryptography
David Wong's hands-on tour of the cryptographic primitives, protocols and pitfalls that show up in actual production systems, with deliberate attention to TLS, Noise, modern AEAD, and post-quantum.