
Writing Secure Code Paperback – Nov 3 2001



Product Details

  • Paperback: 477 pages
  • Publisher: Microsoft Press (Nov. 3 2001)
  • Language: English
  • ISBN-10: 0735615888
  • ISBN-13: 978-0735615885
  • Product Dimensions: 23.2 x 18.6 x 3.6 cm
  • Shipping Weight: 1.1 Kg
  • Average Customer Review: 4.7 out of 5 stars (21 customer reviews)
  • Amazon Bestsellers Rank: #851,577 in Books


First Sentence
In memory of all those people who needlessly perished on September 11, 2001.

Customer Reviews


Most helpful customer reviews

1 of 1 people found the following review helpful By Olivier Langlois on Dec 16 2007
Format: Paperback
This is a good book as it does a good job covering the different sources of software insecurities:

- The classical buffer overflows on the stack and on the heap
- Canonical issues on input
- The least privilege principle
- There is a brief overview on how to store a secret

On the last point, the authors know the topic well. If you are using cryptography to protect something in your software but just store the private key in a global variable, then you are tremendously helping the job of hackers, as all they will have to do is look into your executable binary to search for something that looks like a key. A security measure is as strong as its weakest element, and no hacker is foolish enough to attack a cryptographic algorithm that is proven strong. Even if you store the key in a secure place, all that is needed to retrieve the key is to perform a memory dump at the right time, just before the software uses the key. At least you can make hackers' job harder, as there is nothing you can do to make your software 100% safe against hackers if the software is valuable enough to motivate them to hack your software. All you can do by improving your software security is buy yourself some time before your software is hacked. All that to say that there is no bulletproof solution against hackers, but the book gives solid leads to improve software security in that aspect.

In this book, there is a strong emphasis on Microsoft security technologies. The Windows Crypto API and the Microsoft OSes' privileges API are described at length. If you develop on Windows and want to make your software more secure, then this is an excellent book for you.
Format: Paperback
...so I picked it up and flipped through it. It is packed with valuable (and usable!) information. This book seems so useful, I ordered myself a copy. Nothing else out there talks about how to write (and test) the security aspects of an application.
By Hunter on March 5 2002
Format: Paperback
I have to admit to being somewhat skeptical about this book, but after reading 3/4 of it, my skepticism is gone. It's wonderfully written, full of practical advice on designing and building secure software.
I think the most useful chapter is on threat modelling; we're building such models for all our apps.
Say what you will about Microsoft, but this book is great! And, hopefully, a sign of things to come from the company.
Format: Paperback
Say what you will about Microsoft, but at least they are trying to solve their security ills, and I can see why this book is required reading for all developers at the company. It's well written, well edited and full of really useful stuff about designing and building secure systems.
It covers all the stuff you'd expect and much more: buffer overruns and how to prevent them, as well as ACLs, least priv, crypto, managed code, testing, threat analysis, sockets mistakes, installation, web issues and much more.
If Microsoft follows the guidelines in this book, they will succeed in their goal of trustworthy computing.
Format: Paperback
This is a wonderful book that covers things that are often glossed over in other security books. For instance, the coverage of access control lists, and the difficulties of controlling them, are well covered. I wish it had more information on the .NET Framework (there are I believe 2 chapters covering .NET security issues) but the editing is clean (something I am a bit of a fanatic about) and the writing style is good enough to make this relatively dry topic an enjoyable read.
Format: Paperback
This is a must read for today's savvy developer. Michael is obviously a talented individual who shares his insight in a simple no nonsense fashion. You can spend 10 yrs making all these mistakes and learning from them or just read this book! I have brought several for our department that have become well thumbed in only a few weeks.
By A Customer on Jan. 28 2002
Format: Paperback
As a newcomer to security issues in networked systems, I read this book going progressively whiter, realising that most code, my own included, had glaring invitations to the ill-adjusted individuals that get kicks from spreading malware and owning other people's computers to do me some damage. This changes everything. This book is the first toolbox I have ever encountered for giving developers a better than even chance against the hackers. More power to Howard and LeBlanc's elbows! Well done, gentlemen.
Format: Paperback
I bought this book after the *Bill Gates* email came out about Microsoft being serious about security. I figured that when he sends email like this to the company, it's important. And when **he recommends this book** in the email, it's something worth looking at. It is - Writing Secure Code is great. It's an easy read, full of great design, development and testing principles and ideas.
The first couple of chapters revolve around design, in fact ch2 is over 70pp long, and it's all about how to design secure systems.
The bulk of the book focuses on secure coding, including buffer overruns, sockets, RPC, COM, Crypto, canonicalization issues, least privilege, storing secret data, Web apps - and more!
The last part of the book discusses common .NET coding errors, and how to build security test plans.
What makes this book utterly unique is it really teaches you how to design and test secure applications, as well as how to write them. The design and test stuff I have seen nowhere else.
The book is worth every penny, and I now know why Bill Gates recommends the book to all Microsoft developers.