Mike's random thoughts and ramblings

SSSE Domain 5 - Software Engineering

A great security engineer doesn't really need to BE a software engineer - they just need to know how one thinks, and the important concepts that a software engineer knows. The reason for this can be seen in almost all risk assessment and analysis - in order to understand the risk that a piece of software presents, the engineer needs to have a fundamental understanding of how it was designed.

For that reason, we focus on software engineering principles in this domain rather than on a specific language. The goal is to understand concepts like handling user input, the purpose of encapsulating functions, and how software is designed. This can allow the engineer to internalize the concepts of software design and implementation, so that they can ultimately intuit a back-end design from seeing the implementation (which is a trait that all brilliant reverse engineers and vulnerability researchers have).

That said, it is important that the engineer has spent some time coding - for that reason, study within this domain should include some time spent learning a programming language and becoming proficient in developing some sort of software (whether a 100-line script or a 10000-line application) - the value of actually doing something with software can't be overstated in learning these skills.

Required Text

Code Complete - I read this book first after my freshman year in computer science at the University of Toronto for summer reading, and it really moved me from understanding coding to understanding software - Steve McConnell takes you through all of the interesting and important concepts of developing good software, from design all the way to style. This one is a brilliant introduction to understanding what software really is.

Supplemental Texts

Software Engineering - The Pressmans have written the soup-to-nuts reference on software engineering here. This one's worth having on your shelf, if only because the answer to just about any question that you'd want to ask lives in here.

Some text on coding in a language of your choice - I'm not going to recommend a text on coding here, because there are many good ones for each of the languages that you might pick. If you'd like some help with deciding on a language to learn, leave a comment or drop me an email.

About the author

Michael Murray
