Secure Coding is an executive overview of the security aspects of planning, designing, implementing and running software. In-depth technical discussions are avoided in favor of sound understanding and real-life examples.
Computer security is getting more important every day. If you don't read the security mailing lists often, you may be shocked to learn that software you use and rely on to do your work may be vulnerable. Many software development companies simply don't care about, or are ignorant of, security issues. Even if they are aware of the issues, unskilled or inexperienced software engineers can make mistakes that leave the software open to attack.
Anyone involved in the planning, design, implementation or deployment of software should read this book. Though the planning and design chapters might not be of much interest to a systems administrator, it's still important for them to know the problems faced in those phases.
At 200 pages, this book isn't close to a complete guide. All aspects are covered, but teaching how to think in a secure manner is favored over giving examples whose scope will most likely be limited to a single situation.
The book begins with the issues involved in software design and architecture, before the first line of code is even considered. For hobbyist coders, planning your software might amount to 5 minutes of thinking before you start typing; even then, this section is valuable. There's a list of 30 points you should consider when designing your software, each of them explained in detail. Of all the sections, this is the most detailed and the most valuable.
The next section covers implementation. Some basic types of vulnerabilities are discussed, and it can get quite technical at some points, more so than any other section of the book. Buffer overflows (by far the most exploited vulnerability in the past few years) and SYN floods are discussed, along with techniques for avoiding them.
The final section is operations: running the software in a real-world environment. Certain assumptions are made during the design and implementation phases, and these must carry over into the operations phase. If configuration files are assumed to be valid and safe, it's up to the operating environment to ensure this. This section wanders in and out of the realm of system and network administration, but leaves a lot to be desired.
Overall, this is a very good book for anyone involved in software or security. If you've never thought about security before, it will be a very eye-opening read, and even if you have, the case studies are bound to teach you a thing or two. My only gripe is that it isn't complete enough. A companion book with more case studies, more implementation issues and more information on secure system administration would be very welcome.