Shop now Shop now Shop now Shop All Amazon Fashion Up to 70% off Fashion Cloud Drive Photos Shop now Shop Amazon Fire TV Shop now Shop Fire HD 6 Learn More Shop now Shop now Shop now
Buy Used
+ £2.80 UK delivery
Used: Very Good | Details
Condition: Used: Very Good
Comment: Expedited shipping available on this book. The book has been read, but is in excellent condition. Pages are intact and not marred by notes or highlighting. The spine remains undamaged.
Trade in your item
Get a £0.41
Gift Card.
Have one to sell?
Flip to back Flip to front
Listen Playing... Paused   You're listening to a sample of the Audible audio edition.
Learn more
See this image

Writing Secure Code Paperback – 1 Nov 2001

1 customer review

See all formats and editions Hide other formats and editions
Amazon Price New from Used from
"Please retry"
£31.48 £0.11

There is a newer edition of this item:

Special Offers and Product Promotions

  • Save £20 on with the aqua Classic card. Get an initial credit line of £250-£1,200 and build your credit rating. Representative 32.9% APR (variable). Subject to term and conditions. Learn more.

Product details

  • Paperback: 477 pages
  • Publisher: Microsoft Press,U.S.; Pap/Cdr edition (1 Nov. 2001)
  • Language: English
  • ISBN-10: 0735615888
  • ISBN-13: 978-0735615885
  • Product Dimensions: 18.7 x 3.4 x 23.2 cm
  • Average Customer Review: 5.0 out of 5 stars  See all reviews (1 customer review)
  • Amazon Bestsellers Rank: 927,554 in Books (See Top 100 in Books)

More About the Authors

Discover books, learn about writers, and more.

Inside This Book

(Learn More)
First Sentence
In memory of all those people who needlessly perished on September 11, 2001. Read the first page
Explore More
Browse Sample Pages
Front Cover | Excerpt | Back Cover
Search inside this book:

What Other Items Do Customers Buy After Viewing This Item?

Customer Reviews

5.0 out of 5 stars
5 star
4 star
3 star
2 star
1 star
See the customer review
Share your thoughts with other customers

Most Helpful Customer Reviews

12 of 13 people found the following review helpful By AlfredB on 14 Nov. 2002
Format: Paperback
When I started to read this book, I was convinced that security was an issue, but that I could not do much more than have a good firewall between my users and my app... now I know that my code, and configuration & settings this side of the firewall (all within my control) can make a significant difference to the security of my solutions.
Everyone that codes, review code, design code, design solutions, every one that ever have valuable info on their hard disks should probably read this great book.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again

Most Helpful Customer Reviews on (beta) 23 reviews
18 of 22 people found the following review helpful
Best book I have read about secure software 27 Dec. 2001
By Mike Brava - Published on
Format: Paperback
Too many books talk about how to secure a network, and discuss network-based attacks, but this book is different; it covers how to design, build and test the code at the end of the pipe - the application software.
The book is complete in its explanation of how to make sure your application code, be it web-based or otherwise, is secured from attack.
I learned a great deal from this book, and, based on code and design reviews of my company's code, the authors obviously know what they are talking about - as we made a lot of fixes, and added many new security test cases to our test suites.
Simply put, we never knew we had problems, until we read this book, now it's mandatory reading for all our software engineers.
7 of 8 people found the following review helpful
Very good book on security mistakes and how to fix them 6 Dec. 2001
By - Published on
Format: Paperback
When deciding on whether or not to buy a book, I normally read the reviews to find out what people did not like. After checking out this book, I am shocked at the comments one of the reviewers wrote, as he unfairly panned the book on something that it was not intended to solve.
If you are looking for a heavy coders book to show you how to code security in your apps, this is probably not the best place to look. While there is some code, that is not the primary focus. You will also be disappointed if you are looking for code samples that easily migrate to other systems.
The book is, overall, very Microsoft-centric. Whether this is good or bad depends largely on your point of view. While you can apply many of the techniques to any platform to shore up holes in your code.
There are many of the security mistakes in this book that I found almost laughable, until I tested code on a few collegues sites. If you code your SQL strings in ADO, for example, you might be leaving a way for a malicious user to gain admin rights to your SQL Server.
If you think there is no way in the world you would ever need a book on security holes in code, then this book is probably tailor made for you. Understand, of course, if you do not do windows, the code samples will be far less useful than if you do.
14 of 18 people found the following review helpful
A Must Read for Todays Developer 18 Jan. 2002
By "markdrider" - Published on
Format: Paperback
I bought this book after the *Bill Gates* email came out about Microsoft being serious about security. I figured that when he sends email like this to the company, it's important. And when **he recommends this book** in the email, it's something worth looking at. It is - Writing Secure Code is great. It's an easy read, full of great design, development and testing principles and ideas.
The first couple of chapters revolve around design, in fact ch2 is over 70pp long, and it's all about how to design secure systems.
The bulk of the book focuses on secure coding, including buffer overruns, sockets, RPC, COM, Crypto, canoniclization issues, least privilege, storing secret data, Web apps - and more!
The last part of the book discusses common .NET coding errors, and how to build security test plans.
What makes this book utterly unique is it really teaches you how to design and test secure applications, as well as how to write them. The design and test stuff I have seen nowhere else.
The book is worth every penny, and I now know why Bill Gates recommends the book to all Microsoft developers.
4 of 4 people found the following review helpful
If you write software then buy this book! 4 Jan. 2002
By "puch87" - Published on
Format: Paperback
I bought this after reading other reviews, and like many of them I found this book worth every cent. The three manjor portions of the book: secure design, secure coding and security testing are really well explained. In fact, I have never seen any other material in any book on security design and testing.
And to those that thing there are no good SSL examples, I have two comments, (a) yes, there is material in the book on when to use SSL (and when not to!) and (b) SSL is no panacea, sometimes SSL is not the correct solution to use, and this book offers exceptional recommendations on how to determine if SSL is indeed the correct solution or not.
3 of 4 people found the following review helpful
Great book! 26 Nov. 2001
By "phil1772" - Published on
Format: Paperback
after reading the secure web app chapter, i rushed out and fixed about seven errors in my web-based finance app. the security bugs were bugs i didn't know i had!
we've also built cross-site scripting tests based on the commentary in the testing chapter.
Were these reviews helpful? Let us know