From Book News, Inc.
Howard and LeBlanc (both are security experts with Microsoft) discuss the need for security and outline its general principles before outlining secure coding techniques. Testing, installation, documentation, and error messages are also covered. Appendices discuss dangerous APIs, dismiss pathetic excuses, and provide security checklists. The book explains how systems can be attacked, uses anecdotes to illustrate common mistakes, and offers advice on making systems secure.Copyright © 2004 Book News, Inc., Portland, OR


Book Description
Keep black-hat hackers at bay with the tips and techniques in this entertaining, eye-opening book! Developers will learn how to padlock their applications throughout the entire development process—from designing secure applications to writing robust code that can withstand repeated attacks to testing applications for security flaws. Easily digested chapters reveal proven principles, strategies, and coding techniques. The authors—two battle-scarred veterans who have solved some of the industry’s toughest security problems—provide sample code in several languages. This edition includes updated information about threat modeling, designing a security process, international issues, file-system issues, adding privacy to applications, and performing security code reviews. It also includes enhanced coverage of buffer overruns, Microsoft® .NET security, and Microsoft ActiveX® development, plus practical checklists for developers, testers, and program managers.


From the Publisher
No more malicious attacks! Learn the best practices for writing secure code, with samples in Microsoft Visual Basic®.NET, Visual C++®, Perl, and Visual C#®.


About the Author
Michael Howard is a security program manager on the Microsoft Windows XP team, focusing on secure design, programming, and testing techniques. He works with hundreds of people both inside and outside the company each year to help them secure their applications. He is the author of Designing Secure Web-Based Applications for Microsoft Windows 2000 from Microsoft Press. Prior to working on Windows XP, Michael worked on next-generation Web server technologies and IIS. He has worked on Microsoft Windows NT® security since 1992. David LeBlanc is a senior security technologist in Microsoft’s Information Technology Group. His primary role is defending the Microsoft network from attack. He has worked in the security field throughout his professional life, including working at Internet Security Systems where he was the primary engineer on ISS’s award-winning security products. David serves on a number of external security-related advisory boards.

FROM OUR EDITORS

The Barnes & Noble Review
Your code will be attacked. You need to assume it will run in the most hostile environments imaginable -- and design, code, and test accordingly. Writing Secure Code, Second Edition shows you how.

This edition draws on the lessons learned and taught throughout Microsoft during the firm￯﾿ﾽs massive 2002 ￯﾿ﾽWindows Security Push.￯﾿ﾽ It￯﾿ﾽs a huge upgrade to the respected First Edition, with new coverage across the board.

Michael Howard and David LeBlanc first help you define what security means to your customers -- and implement a three-pronged strategy for securing design, defaults, and deployment. There￯﾿ﾽs especially useful coverage of threat modeling -- decomposing your application, identifying threats, ranking them, and mitigating them.

Then, it￯﾿ﾽs on to in-depth coverage of today￯﾿ﾽs key security issues from the developer￯﾿ﾽs standpoint. Everyone knows buffer overruns are bad: Here￯﾿ﾽs a full chapter on avoiding them. You￯﾿ﾽll learn how to establish appropriate access controls and default to running with least privilege. There￯﾿ﾽs detailed coverage of overcoming attacks on cryptography (for example, avoiding poor random numbers and bit-flipping attacks). You￯﾿ﾽll learn countermeasures for virtually every form of user input attack, from malicious database updates to cross-site scripting.

We￯﾿ﾽve just scratched the surface: There are authoritative techniques for securing sockets and RPC, protecting against DOS attacks, building safer .NET applications, reviewing and testing code, adding privacy features, and even writing high-quality security documentation. Following these techniques won￯﾿ﾽt just improve security -- it￯﾿ﾽll dramatically improve robustness and reliability, too. Bill Camarda

Bill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks For Dummies®, Second Edition.

ANNOTATION

No more malicious attacks! Learn the best practices for writing secure code, with samples in Microsoft Visual Basic®.NET, Visual C++®, Perl, and Visual C#®.

FROM THE PUBLISHER

Keep black-hat hackers at bay with the tips and techniques in this entertaining, eye-opening book! Developers will learn how to padlock their applications throughout the entire development process-from designing secure applications to writing robust code that can withstand repeated attacks to testing applications for security flaws. Short, easily digested chapters reveal proven principles, strategies, and coding techniques. The authors-two battle-scarred veterans who have solved some of the industry's toughest security problems-provide sample code in several languages. This edition includes updated information about threat modeling, designing a security process, international issues, file-system issues, adding privacy to applications, and performing security code reviews. It also includes enhanced coverage of buffer overruns, Microsoft(r) .NET security, and Microsoft ActiveX(r) development, plus practical checklists for developers, testers, and program managers.

SYNOPSIS