Search for books and compare prices on all major online booksellers with one click!

Home

About Us

Suggest Bookstore

Recommend Us

Title/Keywords

ISBN

Writing Secure Code

AUTHOR: Michael Howard
ISBN: 0735615888
SHORT DESCRIPTION: Writing Secure Code" covers the major aspects of creating secure applications through the entire development process. Its short, easily-digested chapters can provide software designers, architects, developers, and testers with the training, theory,...

Compare Price

	HOME--->> Computers & Internet --->>Web Design & Development --->>Security & Encryption

	Security & Encryption

Editorial Review

Writing Secure Code
- Book Review, by Michael Howard

From Book News, Inc.
Howard and LeBlanc (both are security experts with Microsoft) discuss the need for security and outline its general principles before outlining secure coding techniques. Testing, installation, documentation, and error messages are also covered. Appendices discuss dangerous APIs, dismiss pathetic excuses, and provide security checklists. The book explains how systems can be attacked, uses anecdotes to illustrate common mistakes, and offers advice on making systems secure.Copyright © 2004 Book News, Inc., Portland, OR

Book Description
Security mistakes by software architects, designers, and developers are an ongoing plague that costs businesses millions of dollars every year when malicious intruders attack interconnected applications, steal credit-card numbers, and deface Web sites. WRITING SECURE CODE offers a ready cure. This fact-filled, eye-opening title covers the major aspects of creating secure applications through the entire development process, from secure design, to writing robust code that can easily withstand an attack, to testing applications for security vulnerabilities. Its short, easily-digested chapters can provide software designers, architects, developers, and testers with the training, theory, and techniques they need to take the right actions to ensure security. Topics it covers include security principles, how to design, code, and test for security, how to write secure managed code for Microsoft(r) .NET, why companies neglect security, the 10 immutable laws of security and security administration, and more. Developers who read this title will have the peace of mind that comes from knowing that the code they develop is not only fast, but secure. Both authors are top security experts at Microsoft who have helped solve some of the toughest security problems in the computing industry.

From the Publisher
No more malicious attacks! Learn the best practices for writing secure code, with samples in Microsoft Visual Basic®.NET, Visual C++®, Perl, and Visual C#®.

About the Author
Michael Howard is a security program manager on the Microsoft WindowsXP team, focusing on secure design, programming and testing techniques. He works with hundreds of people both inside and outside the company to help them secure their applications each year. He is the primary author of DESIGING SECURE WEB-BASED APPLICATIONS FOR MICROSOFT WINDOWS 2000 from Microsoft Press. Prior to working in WindowsXP, Michael worked on next-generation Web server technologies and IIS. He has worked on Windows NT® security since 1992 David LeBlanc is a senior security technologist in ITG at Microsoft. His primary role is defending the Microsoft network from attack. He has worked in the security field throughout his professional life, including working at Internet Security Systems where he was the primary engineer on ISS’ award-winning security products. David serves on a number of external security-related advisory boards.

Buy from Amazon Compare Prices

Book Review

Writing Secure Code
- Book Reviews, by Michael Howard

Writing Secure Code

FROM OUR EDITORS

The Barnes & Noble Review
Your code will be attacked. You need to assume it will run in the most hostile environments imaginable -- and design, code, and test accordingly. Writing Secure Code, Second Edition shows you how.

This edition draws on the lessons learned and taught throughout Microsoft during the firm�s massive 2002 �Windows Security Push.� It�s a huge upgrade to the respected First Edition, with new coverage across the board.

Michael Howard and David LeBlanc first help you define what security means to your customers -- and implement a three-pronged strategy for securing design, defaults, and deployment. There�s especially useful coverage of threat modeling -- decomposing your application, identifying threats, ranking them, and mitigating them.

Then, it�s on to in-depth coverage of today�s key security issues from the developer�s standpoint. Everyone knows buffer overruns are bad: Here�s a full chapter on avoiding them. You�ll learn how to establish appropriate access controls and default to running with least privilege. There�s detailed coverage of overcoming attacks on cryptography (for example, avoiding poor random numbers and bit-flipping attacks). You�ll learn countermeasures for virtually every form of user input attack, from malicious database updates to cross-site scripting.

We�ve just scratched the surface: There are authoritative techniques for securing sockets and RPC, protecting against DOS attacks, building safer .NET applications, reviewing and testing code, adding privacy features, and even writing high-quality security documentation. Following these techniques won�t just improve security -- it�ll dramatically improve robustness and reliability, too. Bill Camarda

Bill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks For Dummies®, Second Edition.

ANNOTATION

No more malicious attacks! Learn the best practices for writing secure code, with samples in Microsoft Visual Basic®.NET, Visual C++®, Perl, and Visual C#®.

FROM THE PUBLISHER

Keep black-hat hackers at bay with the tips and techniques in this entertaining, eye-opening book! Developers will learn how to padlock their applications throughout the entire development process-from designing secure applications to writing robust code that can withstand repeated attacks to testing applications for security flaws. Short, easily digested chapters reveal proven principles, strategies, and coding techniques. The authors-two battle-scarred veterans who have solved some of the industry's toughest security problems-provide sample code in several languages. This edition includes updated information about threat modeling, designing a security process, international issues, file-system issues, adding privacy to applications, and performing security code reviews. It also includes enhanced coverage of buffer overruns, Microsoft(r) .NET security, and Microsoft ActiveX(r) development, plus practical checklists for developers, testers, and program managers.

SYNOPSIS

No more malicious attacks! Learn the best practices for writing secure code, with samples in Microsoft Visual Basic®.NET, Visual C++®, Perl, and Visual C#®.

Buy from Barnes & Noble Compare Prices