foreword
preface
acknowledgments
about this book
about the authors
about the cover illustration
Part 1. Introduction
Chapter 1: Why design matters for security
1.1 Security is a concern, not a feature
1.1.1 The robbery of Öst-Götha Bank, 1854
1.1.2 Security features and concerns
1.1.3 Categorizing security concerns: CIA-T
1.2 Defining design
1.3 The traditional approach to software security and its shortcomings
1.3.1 Explicitly thinking about security
1.3.2 Everyone is a security expert
1.3.3 Knowing all and the unknowable
1.4 Driving security through design
1.4.1 Making the user secure by design
1.4.2 The advantages of the design approach
1.4.3 Staying eclectic
1.5 Dealing with strings, XML, and a billion laughs
1.5.1 Extensible Markup Language (XML)
1.5.2 Internal XML entities in a nutshell
1.5.3 The Billion Laughs attack
1.5.4 Configuring the XML parser
1.5.5 Applying a design mindset
1.5.6 Applying operational constraints
Summary