Writing Secure Code [Paperback]

M Howard , David LeBlanc
5.0 out of 5 stars  See all reviews (4 customer reviews)

There is a newer edition of this item: Writing Secure Code 2nd Edition


Product details

  • Paperback: 477 pages
  • Publisher: Microsoft Press,U.S.; Pap/Cdr edition (1 Nov 2001)
  • Language: English
  • ISBN-10: 0735615888
  • ISBN-13: 978-0735615885
  • Product Dimensions: 19 x 3.2 x 23.5 cm
  • Average Customer Review: 5.0 out of 5 stars  See all reviews (4 customer reviews)
  • Amazon Bestsellers Rank: 1,348,773 in Books (See Top 100 in Books)

Product Description

"Writing Secure Code" covers the major aspects of creating secure applications through the entire development process. Its short, easily-digested chapters can provide software designers, architects, developers, and testers with the training, theory, and techniques they need to take the right actions to ensure security.

About the Author

Michael Howard, CISSP, is a leading security expert. He is a senior security program manager at Microsoft® and the coauthor of The Software Security Development Lifecycle. Michael has worked on Windows security since 1992 and now focuses on secure design, programming, and testing techniques. He is the consulting editor for the Secure Software Development Series of books by Microsoft Press.

David LeBlanc, Ph.D., is a founding member of the Trustworthy Computing Initiative at Microsoft®. He has been developing solutions for computing security issues since 1992 and has created award-winning tools for assessing network security and uncovering security vulnerabilities. David is a senior developer in the Microsoft Office Trustworthy Computing group.

--This text refers to an alternate Paperback edition.

Customer Reviews

Most Helpful Customer Reviews
25 of 25 people found the following review helpful
required reading 29 Aug 2003
Format:Paperback
Some years ago I worked for a software house with over 30 developers, of which only one other had read the first edition of this book. I don't think that was uncommon. Few developers cared about application security in general terms, their encounters with security being an inconvenience that either 'broke' code or (often post-exploit) resulted in 'extra work' bug-fixing.
I use the past tense, but I've really no evidence to suggest that things have changed all that much. Hopefully the wider distribution and publicity granted this second edition will help change that.
The book is organised into four major sections. The first provides background material that outlines the need to secure systems and techniques for designing secure systems. It is carefully written, appropriately illustrated and has only two very small code examples (one of which is pseudo-code, the other a couple of lines of ASP), making it good for photocopying and distribution to project managers...
The second and third sections provide the bulk of the book - secure coding techniques. As you'd expect, buffer overruns, ACLs, least privilege, crypto, canonical mistakes, SQL injection, cross-site scripting, DoS attacks, to name a few, are all covered, and there are chapters on internalisation, sockets, RPC, and one - surprisingly small - on .NET. I say surprisingly because a good part of the marketing for this book was that it was updated to cover .NET, which it has - but not to the extent you'd think. If you're looking for an in-depth analysis of .NET security, this work doesn't have it.
But it doesn't need it - if there is one single message in the second and third sections it is that there is no replacement for responsible, informed programming regardless of the syntax or technology used. The chapter entitled 'All Input Is Evil' makes that point well; it - like the others - applies whether you use .NET or not. The final section covers 'everything else' - testing, code reviews, installation, error messages, and a good - but brief - chapter on privacy and data security, and an excellent chapter on general good practices.
Part of what made the first edition a classic, to my mind, is that it addressed the security fundamentals *every* programmer on a Microsoft platform should be aware of. After reading it I was in doubt of the importance of application security, the core principles, threats and coding countermeasures, and I went on to apply those in subsequent projects.
This edition builds, updates and expands on the first and is, simply, required reading. Unlike many sequels, it does not disappoint.
12 of 13 people found the following review helpful
Format:Paperback
When I started to read this book, I was convinced that security was an issue, but that I could not do much more than have a good firewall between my users and my app... now I know that my code, and configuration & settings this side of the firewall (all within my control) can make a significant difference to the security of my solutions.

Everyone that codes, reviews code, designs code, designs solutions, everyone that ever has valuable info on their hard disks should probably read this great book.

2 of 2 people found the following review helpful
Mandatory 28 Feb 2007
By Jennifers Daddy TOP 1000 REVIEWER
Format:Paperback|Amazon Verified Purchase
If you are a developer then this book is mandatory.

You do not realise the threats (from the desktop, the web, Intranet) until you read this book. Attacks come from everywhere.

Reading this together with "Code Complete 2" (Steve McConnell) will surely make you a better developer and your software safer, faster and more secure.

Imagine the consequences of a simple SQL injection attack or a cross site script attack on your customers. Your reputation, your job and your company are at risk. It's as simple as that. Getting a few copies of this for yourself and your colleagues makes sense.