Quantity:

More Buying Choices

43 used & new from �5.01

Have one to sell? Sell yours here

Writing Secure Code 2nd Edition (Paperback)

by Michael Howard and David LeBlanc (Author) "As the Internet grows in importance, applications are becoming highly interconnected ..." (more)

5.0 out of 5 stars See all reviews (3 customer reviews)

RRP:	�39.49
Price:	�22.04 & this item Delivered FREE in the UK with Super Saver Delivery. See details and conditions
You Save:	�17.45 (44%)
	o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o

In stock.
Dispatched from and sold by Amazon.co.uk. Gift-wrap available.

Only 3 left in stock--order soon (more on the way).

Want guaranteed delivery by Tuesday, December 1? Choose Express delivery at checkout. See Details

28 new from �19.95 15 used from �5.01

Other Editions:	RRP:	Our Price:	Other Offers:
Paperback (Pap/Cdr)			18 used & new from �1.98

12 Days of Christmas Sale in Books
Get up to 65% off some of our top titles. Shop now

› See more product promotions

Special Offers and Product Promotions

Illuminate your book with the innovative Philips LED reading light--exclusive to Amazon.co.uk. Shop now.

Frequently Bought Together

Price For All Three: �60.46

Show availability and delivery details

This item: Writing Secure Code 2nd Edition by Michael Howard and David LeBlanc
In stock.
Dispatched from and sold by Amazon.co.uk.
This item Delivered FREE in the UK with Super Saver Delivery. See details and conditions
The Security Development Lifecycle Book/CD Package by Michael Howard and Steve Lipner
In stock.
Dispatched from and sold by Amazon.co.uk.
This item Delivered FREE in the UK with Super Saver Delivery. See details and conditions
19 Deadly Sins of Software Security: Programming Flaws and How to Fix Them (Security One-off) by Michael Howard
In stock.
Dispatched from and sold by Amazon.co.uk.
This item Delivered FREE in the UK with Super Saver Delivery. See details and conditions

Customers Who Bought This Item Also Bought

The Security Development Lifecycle Book/CD Package

by Michael Howard and Steve Lipner

�26.51

19 Deadly Sins of Software Security: Programming Flaws and How to Fix Them (Security One-off)

by Michael Howard

5.0 out of 5 stars (1) �11.91

Threat Modeling (Microsoft Professional)

by Frank Swiderski and Window Snyder

�23.99

The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws

by Dafydd Stuttard

5.0 out of 5 stars (3) �20.09

Security Engineering: A Guide to Building Dependable Distributed Systems

by Ross J. Anderson

4.9 out of 5 stars (8) �27.03

› Explore similar items

Product details

Paperback: 798 pages
Publisher: MICROSOFT PRESS; 2 edition (1 Dec 2002)
Language English
ISBN-10: 0735617228
ISBN-13: 978-0735617223
Product Dimensions: 22.1 x 18.8 x 5.1 cm

Average Customer Review: 5.0 out of 5 stars See all reviews (3 customer reviews)

Amazon.co.uk Sales Rank: 220,612 in Books (See Bestsellers in Books)

Popular in these categories:

#1 in	Books > Computing & Internet > Computer Science > Security > Programming > Secure Coding
#8 in	Books > Computing & Internet > Microsoft Windows > Security
#69 in	Books > Computing & Internet > Computer Science > Security > Cryptography & Encryption

Would you like to update product info or give feedback on images?

See Complete Table of Contents

Customers Viewing This Page May Be Interested in These Sponsored Links

(What is this?)

Fonts.com opens new browser window

www.fonts.com - Over 150,000 quality fonts Free font with purchase

American Safe Outlet opens new browser window

www.americansafeoutlet.com - Source for Pro-Lock, AMSEC, plus Much More. Up to 45% Off

Need Writing Help? opens new browser window

Essaywriters.com - 100% original papers No Plagiarism Professional Fast Help 24/7

Product Description

Keep black-hat hackers at bay with the tips and techniques in this entertaining, eye-opening book! Developers will learn how to padlock their applications throughout the entire development process—from designing secure applications to writing robust code that can withstand repeated attacks to testing applications for security flaws. Short, easily digested chapters reveal proven principles, strategies, and coding techniques. The authors—two battle-scarred veterans who have solved some of the industry’s toughest security problems—provide sample code in several languages. This edition includes updated information about threat modeling, designing a security process, international issues, file-system issues, adding privacy to applications, and performing security code reviews. It also includes enhanced coverage of buffer overruns, Microsoft® .NET security, and Microsoft ActiveX® development, plus practical checklists for developers, testers, and program managers.

Inside This Book (Learn More)

First Sentence
As the Internet grows in importance, applications are becoming highly interconnected. Read the first page

Explore More
Concordance

Browse Sample Pages
Front Cover | Copyright | Table of Contents | Excerpt | Index

Suggested Tags from Similar Products

(What's this?)

Be the first one to add a relevant tag (keyword that's strongly related to this product)

software security

security

software engineering

software development

programming

development

secure software

What Do Customers Ultimately Buy After Viewing This Item?

	78% buy the item featured on this page: Writing Secure Code 2nd Edition 5.0 out of 5 stars (3) �22.04
	7% buy 19 Deadly Sins of Software Security: Programming Flaws and How to Fix Them (Security One-off) 5.0 out of 5 stars (1) �11.91
	6% buy Threat Modeling (Microsoft Professional) �23.99
	5% buy The Security Development Lifecycle Book/CD Package �26.51

Explore similar items

Customer Reviews

3 Reviews

5 star:		(3)
4 star:		(0)
3 star:		(0)
2 star:		(0)
1 star:		(0)

Average Customer Review

5.0 out of 5 stars (3 customer reviews)

Share your thoughts with other customers:

Create your own review

Most Helpful Customer Reviews

24 of 24 people found the following review helpful:

5.0 out of 5 stars required reading, 29 Aug 2003

By	"robbieharris" - See all my reviews

Some years ago i worked for a software house with over 30 developers, of which only one other had read the first edition of this book. I don't think that was uncommon. Few developers cared about application security in general terms, their encounters with security being an inconvenience that either 'broke' code or (often post-exploit) resulted in 'extra work' bug-fixing.
I use the past-tense, but i've really no evidence to suggest that things have changed all that much. Hopefully the wider distribution and publicity granted this second edition will help change that.
The book is organised into four major sections. The first provides background material that outlines the need to secure systems and techniques for designing secure systems. It is carefully written, appropriately illustrated and has only two very small code examples (one of which pseudo-code, the other a couple of lines of asp), making it good for photocopying and distribution to project managers...
The second and third sections provide the bulk of the book - secure coding techniques. As you'd expect buffer overruns, acls, least privilege, crypto, canonical mistakes, sql injection, cross site scripting, dos attacks, to name a few are all covered, and there are chapters on internalisation, sockets, rpc, and one - surprisingly small - on .net. I say surprisingly because a good part of the marketing for this book was that it was updated to cover .net, which it has - but not to the extent you'd think. if you're looking for an in-depth analysis of .net security, this work doesn't have it.
but it doesnt needs it - if there is one single message in the second and third sections it is that there is no replacement for responsible, informed programming regardless of the syntax or technology used. The chapter entitled 'All Input Is Evil' makes that point well, it - like the others - applies whether you use .net or not. The final section covers 'everything else' - testing, code reviews, installation, error messages, and a good - but brief - chapter on privacy and data security, and an excellent chapter on general good practises.
Part of what made the first edition a classic, to my mind, is that it addressed the security fundamentals *every* programmer on a microsoft platform should be aware of. after reading it i was in doubt of the importance of application security, the core principles, threats and coding countermeasures, and i went on to apply those in subsequent projects.
this edition builds, updates and expands on the first and is, simply, required reading. unlike many sequels, it does not disappoint.

Comment Comment | Permalink | Was this review helpful to you? Yes No (Report this)

12 of 13 people found the following review helpful:

5.0 out of 5 stars From vuagely interested in security to a security convert, 14 Nov 2002

By	"bielie" - See all my reviews

This review is from: Writing Secure Code (Paperback)

When I started to read this book, I was convinced that security was an issue, but that I could not do much more than have a good firewall between my users and my app... now I know that my code, and configuration & settings this side of the firewall (all within my control) can make a significant difference to the security of my solutions.

Everyone that codes, review code, design code, design solutions, every one that ever have valuable info on their hard disks should probably read this great book.

Comment Comment | Permalink | Was this review helpful to you? Yes No (Report this)

2 of 2 people found the following review helpful:

5.0 out of 5 stars Mandatory, 28 Feb 2007

By	Dominic Batstone (London) - See all my reviews (TOP 1000 REVIEWER) (REAL NAME)

If you are a developer then this book is mandatory.

You do not realise the threats (from the desktop, the web, Intranet) until you read this book. Attacks come from everywhere.

Reading this together with "Code Complete 2" (Steve McConnell) will surely make you a better developer and your software safer, faster and more secure.

Imagine the consequences of a simple SQL injection attack or a cross site script attack on your customers. Your reputation, your job and your company are at risk. Its as simple as that. Getting a few copies of this for yourself and your colleagues makes sense.

Comment Comment | Permalink | Was this review helpful to you? Yes No (Report this)

Share your thoughts with other customers: Create your own review

› See all 3 customer reviews...

.jsOffDisplayBlock { display: block; } .jsOffDisplayInline { display: inline; } .jsOffVisibility { visibility: visible; } .jsOnDisplayBlock { display: none; } .jsOnDisplayNoneBlock { display: block; } .jsOnDisplayNoneInline { display: inline; } .jsOnDisplayInline { display: none; } .jsOnVisibility { visibility: hidden; } .jqOnDisplayBlock { display: none; } .jqOnDisplayInline { display: none; } .jqOnVisibility { visibility: hidden; } .jqOnDisplayNoneBlock { display: block; } .jqOnDisplayNoneInline { display: inline; }