The 7 Qualities of Highly Secure Software 1st Edition

To begin, I would like to point out that I am one of the reviewers who is quoted on the back cover. This may point to a level of bias, but I will attempt to review this any way. I would also like to point out that I am a penetration tester who focuses on attacking web application and mobile applications. I perform this type of testing on a regular basis for everyone from small organizations to Fortune 100 to government agencies. I don't point this out to brag, even though my marketing department would probably want me to, but to give you the context I read this book in.As an attacker, with permission of course, I hate this book. The information provided within it, if used correctly by developers, will only make my job harder. It provides developers with a simple understanding of the problems and solutions to those problems we see in a majority of applications deployed today. As we see more and more attacks against web applications, this is even more important to get right.Mano, someone I consider a friend, is one of the best people out there to write this type of book. If you are a developer or responsible in any way to the applications in your organization, you need this book. If you, like me, are focused on testing and attacking these applications, buy this book. Either way, it will provide you the information about security and applications!I really am not sure why you are still reading this, click "Add to Cart"!Kevin JohnsonSenior Security ConsultantSecure Ideas

Being a security professional for more than two decades, I can attest how critical to a company's overall security secure business applications are! Mano Paul's book makes a difficult and sometimes dry topic an easy read by using analogies ranging from Aesop's fables, athletics, architecture, biology, nursery rhymes, and video games to illustrate the qualities that are essential for the development of highly secure software.This book is not just a must read for application developers, but also for all IT auditors and security professionals who are responsible for ensuring and verifying that business applications will measure up against the cyber-criminals who are bent on creating havoc by exploiting weak and poorly written software.I was happy to review this book prior to its publication, and recommend it highly for the library of all those tasked with application development, information security and compliance.Patricia A. Myers, CISSP-ISSMP, CRISCISSA Distinguished Fellow