Home | Best Seller | FAQ | Contact Us
Browse
Art & Photography
Biographies & Autobiography
Body,Mind & Health
Business & Economics
Children's Book
Computers & Internet
Cooking
Crafts,Hobbies & Gardening
Entertainment
Family & Parenting
History
Horror
Literature & Fiction
Mystery & Detective
Nonfiction
Professional & Technology
Reference
Religion
Romance
Science
Science Fiction & Fantasy
Sports & Outdoors
Travel & Geography
   Book Info

enlarge picture

Writing Secure Code  
Author: Michael Howard
ISBN: 0735617228
Format: Handover
Publish Date: June, 2005
 
     
     
   Book Review


From Book News, Inc.
Howard and LeBlanc (both are security experts with Microsoft) discuss the need for security and outline its general principles before outlining secure coding techniques. Testing, installation, documentation, and error messages are also covered. Appendices discuss dangerous APIs, dismiss pathetic excuses, and provide security checklists. The book explains how systems can be attacked, uses anecdotes to illustrate common mistakes, and offers advice on making systems secure.Copyright © 2004 Book News, Inc., Portland, OR


Book Description
Keep black-hat hackers at bay with the tips and techniques in this entertaining, eye-opening book! Developers will learn how to padlock their applications throughout the entire development process—from designing secure applications to writing robust code that can withstand repeated attacks to testing applications for security flaws. Easily digested chapters reveal proven principles, strategies, and coding techniques. The authors—two battle-scarred veterans who have solved some of the industry’s toughest security problems—provide sample code in several languages. This edition includes updated information about threat modeling, designing a security process, international issues, file-system issues, adding privacy to applications, and performing security code reviews. It also includes enhanced coverage of buffer overruns, Microsoft® .NET security, and Microsoft ActiveX® development, plus practical checklists for developers, testers, and program managers.


From the Publisher
No more malicious attacks! Learn the best practices for writing secure code, with samples in Microsoft Visual Basic®.NET, Visual C++®, Perl, and Visual C#®.


About the Author
Michael Howard is a security program manager on the Microsoft Windows XP team, focusing on secure design, programming, and testing techniques. He works with hundreds of people both inside and outside the company each year to help them secure their applications. He is the author of Designing Secure Web-Based Applications for Microsoft Windows 2000 from Microsoft Press. Prior to working on Windows XP, Michael worked on next-generation Web server technologies and IIS. He has worked on Microsoft Windows NT® security since 1992. David LeBlanc is a senior security technologist in Microsoft’s Information Technology Group. His primary role is defending the Microsoft network from attack. He has worked in the security field throughout his professional life, including working at Internet Security Systems where he was the primary engineer on ISS’s award-winning security products. David serves on a number of external security-related advisory boards.




Writing Secure Code

FROM OUR EDITORS

The Barnes & Noble Review
Your code will be attacked. You need to assume it will run in the most hostile environments imaginable -- and design, code, and test accordingly. Writing Secure Code, Second Edition shows you how.

This edition draws on the lessons learned and taught throughout Microsoft during the firm￯﾿ᄑs massive 2002 ￯﾿ᄑWindows Security Push.￯﾿ᄑ It￯﾿ᄑs a huge upgrade to the respected First Edition, with new coverage across the board.

Michael Howard and David LeBlanc first help you define what security means to your customers -- and implement a three-pronged strategy for securing design, defaults, and deployment. There￯﾿ᄑs especially useful coverage of threat modeling -- decomposing your application, identifying threats, ranking them, and mitigating them.

Then, it￯﾿ᄑs on to in-depth coverage of today￯﾿ᄑs key security issues from the developer￯﾿ᄑs standpoint. Everyone knows buffer overruns are bad: Here￯﾿ᄑs a full chapter on avoiding them. You￯﾿ᄑll learn how to establish appropriate access controls and default to running with least privilege. There￯﾿ᄑs detailed coverage of overcoming attacks on cryptography (for example, avoiding poor random numbers and bit-flipping attacks). You￯﾿ᄑll learn countermeasures for virtually every form of user input attack, from malicious database updates to cross-site scripting.

We￯﾿ᄑve just scratched the surface: There are authoritative techniques for securing sockets and RPC, protecting against DOS attacks, building safer .NET applications, reviewing and testing code, adding privacy features, and even writing high-quality security documentation. Following these techniques won￯﾿ᄑt just improve security -- it￯﾿ᄑll dramatically improve robustness and reliability, too. Bill Camarda

Bill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks For Dummies®, Second Edition.

ANNOTATION

No more malicious attacks! Learn the best practices for writing secure code, with samples in Microsoft Visual Basic®.NET, Visual C++®, Perl, and Visual C#®.

FROM THE PUBLISHER

Keep black-hat hackers at bay with the tips and techniques in this entertaining, eye-opening book! Developers will learn how to padlock their applications throughout the entire development process-from designing secure applications to writing robust code that can withstand repeated attacks to testing applications for security flaws. Short, easily digested chapters reveal proven principles, strategies, and coding techniques. The authors-two battle-scarred veterans who have solved some of the industry's toughest security problems-provide sample code in several languages. This edition includes updated information about threat modeling, designing a security process, international issues, file-system issues, adding privacy to applications, and performing security code reviews. It also includes enhanced coverage of buffer overruns, Microsoft(r) .NET security, and Microsoft ActiveX(r) development, plus practical checklists for developers, testers, and program managers.

SYNOPSIS

No more malicious attacks! Learn the best practices for writing secure code, with samples in Microsoft Visual Basic®.NET, Visual C++®, Perl, and Visual C#®.

     



Home | Private Policy | Contact Us
@copyright 2001-2005 ReadingBee.com