Neil Daswani: Bane of Cyberthieves

“Chances are that, unless we all learn something about security, the Internet will continue to be a very vulnerable place in which cybercriminals thrive,” says Dr. Neil Daswani. Daswani, who received his MS and PhD degrees in computer science from Stanford, is the author of the recently published book Foundations of Security: What Every Programmer Needs To Know.

“Many of the vulnerabilities described in the book are used by cyberthieves to commit identity theft, steal credit card numbers, and launch online attacks using malware and botnets,” he says. Daswani, who currently works for Google, notes that software with security design flaws and implementation bugs is the root cause of many security failures. To help software professionals defend against attacks, Daswani has provided training to companies to help them defend their brand, their customers, and their data.

“Given my love for software and my embarrassment at the current state of the world, I worked with the Stanford Center for Professional Development when I was finishing my PhD to help create a Computer Security Certification program that has helped many companies and software professionals mitigate security flaws in software,” he says. The courses that make up the certification program became the basis for the material in this book.

Dr. Vinton Cerf, often called one of the “Fathers of the Internet,” wrote the foreword to the book, and former SEAS Dean Zvi Galil wrote an endorsement. The book teaches new and current software professionals the state-of-the-art software security design principles, methodology, and concrete programming techniques they need to build secure software systems – making them highly marketable to companies and employers. The book illustrates how security principles can be employed to prevent some of the most significant, current-day attack types, such as SQL injection and cross-site scripting (XSS), as well as more traditional attack types, such as buffer overflows. It also covers session and password management, and shows how to use cryptography to help achieve various security goals.

Daswani and co-authors Christoph Kern and Anita Kesavan have provided free slides and source code at the web site, The book is also available for purchase through

