In the age of e-Business, information security is no longer a minor detail: it's at the heart of every business process and relationship. And software -- not firewalls, intrusion detection systems, or anything else -- is at the heart of most security problems. In Building Secure Software, two of the field's leading experts present a start-to-finish methodology for developing secure systems. They cover the entire software lifecycle, showing how to identify and respond to vulnerabilities as early in the process as possible, when security enhancements cost less -- and are more effective. In Part I, the authors focus on the security issues developers should face before writing any code, demonstrating how to integrate security into your entire software engineering practice. Part II focuses on implementation, showing developers how to avoid a wide range of common security problems. Viega and McGraw show how to determine acceptable levels of risk, develop effective security testing processes, and understand in advance how applications would behave in response to an attack. The book contains extensive C-based source code examples.