Writing Secure Code [Paperback]

Michael Howard, David LeBlanc
4.7 out of 5 stars (21 customer reviews)

There is a newer edition of this item:
Writing Secure Code: Practical Strategies and Proven Techniques for Building Secure Applications in a Networked World, 3.2 out of 5 stars (11)
Book Description

Nov. 3 2001
"Writing Secure Code" covers the major aspects of creating secure applications through the entire development process. Its short, easily-digested chapters can provide software designers, architects, developers, and testers with the training, theory, and techniques they need to take the right actions to ensure security.

Product Description

From the Publisher

No more malicious attacks! Learn the best practices for writing secure code, with samples in Microsoft Visual Basic® .NET, Visual C++®, Perl, and Visual C#®.

About the Author

Michael Howard is a security program manager on the Microsoft Windows XP team, focusing on secure design, programming and testing techniques. He works with hundreds of people both inside and outside the company to help them secure their applications each year. He is the primary author of DESIGNING SECURE WEB-BASED APPLICATIONS FOR MICROSOFT WINDOWS 2000 from Microsoft Press. Prior to working in Windows XP, Michael worked on next-generation Web server technologies and IIS. He has worked on Windows NT® security since 1992.

David LeBlanc is a senior security technologist in ITG at Microsoft. His primary role is defending the Microsoft network from attack. He has worked in the security field throughout his professional life, including working at Internet Security Systems where he was the primary engineer on ISS’ award-winning security products. David serves on a number of external security-related advisory boards.


Inside This Book
First Sentence
In memory of all those people who needlessly perished on September 11, 2001.

Customer Reviews

Most helpful customer reviews
5.0 out of 5 stars A Must Read for Today's Developer Jan. 18 2002
Format:Paperback
I bought this book after the *Bill Gates* email came out about Microsoft being serious about security. I figured that when he sends email like this to the company, it's important. And when **he recommends this book** in the email, it's something worth looking at. It is - Writing Secure Code is great. It's an easy read, full of great design, development and testing principles and ideas.
The first couple of chapters revolve around design, in fact ch2 is over 70pp long, and it's all about how to design secure systems.
The bulk of the book focuses on secure coding, including buffer overruns, sockets, RPC, COM, Crypto, canonicalization issues, least privilege, storing secret data, Web apps - and more!
The last part of the book discusses common .NET coding errors, and how to build security test plans.
What makes this book utterly unique is it really teaches you how to design and test secure applications, as well as how to write them. The design and test stuff I have seen nowhere else.
The book is worth every penny, and I now know why Bill Gates recommends the book to all Microsoft developers.
Format:Paperback
When deciding on whether or not to buy a book, I normally read the reviews to find out what people did not like. After checking out this book, I am shocked at the comments one of the reviewers wrote, as he unfairly panned the book on something that it was not intended to solve.
If you are looking for a heavy coder's book to show you how to code security in your apps, this is probably not the best place to look. While there is some code, that is not the primary focus. You will also be disappointed if you are looking for code samples that easily migrate to other systems.
The book is, overall, very Microsoft-centric. Whether this is good or bad depends largely on your point of view. While you can apply many of the techniques to any platform to shore up holes in your code.
There are many of the security mistakes in this book that I found almost laughable, until I tested code on a few colleagues' sites. If you code your SQL strings in ADO, for example, you might be leaving a way for a malicious user to gain admin rights to your SQL Server.
If you think there is no way in the world you would ever need a book on security holes in code, then this book is probably tailor made for you. Understand, of course, if you do not do windows, the code samples will be far less useful than if you do.
5.0 out of 5 stars Go buy this book, Now! Dec 5 2001
Format:Paperback
There's no other book like this on the market. It is an extremely practical book with lessons learned from security teams at Microsoft. Not only do they tell you about real-life problems they've experienced, they tell you what to avoid and how to best fix security problems. The best thing I like about the book is that it comes with code examples throughout the book that you can use when building your secure applications. It goes completely down and dirty to the details, but with a good 30,000 foot view of how to address security from a Project Management level too.
We (Foundstone) have been performing security assessments on products and applications for years and have seen the same problems they address in the book out in the software industry. But I still learned a lot of new tricks from the book, especially regarding the Microsoft platform. My only fear is that if people start reading this book, I'll be out of a job!
If you write code, are a project manager, tester, you need to go buy this book, especially if you are working on the Microsoft platform.
2.0 out of 5 stars Not bad, not great. Dec 2 2001
Format:Paperback
I know it's really weird buying a book from Microsoft written by people from Microsoft on secure code. Why should you trust them? They know more about Windows than most people!
I read the Linux Secure Programming book online, and the other book Building Secure Software. Those other two books are better organized. It felt more like a collection of loose tips than the other two.
It's also missing a lot. Even though I'd learned a lot of stuff from the other books, I bought this one because I needed to learn how to use the Microsoft APIs to do SSL programming, and I wasn't happy with the documentation I've got access to. I figured this book would have it, but it doesn't, which was a deep disappointment.
Now, this book has taught me some new tricks. It has lots of good Windows-specific hints that other books don't have. But if you're not a Windows programmer, don't bother. They don't cover other operating systems as well as the other books do. The book also didn't really teach the basic principles as well as the others. Every Windows programmer should have this book on his desk, but only for the Windows-specific stuff. Buy a better book first.
5.0 out of 5 stars Excellent contextual review Jan. 7 2002
Format:Paperback
Wow -- a great and very unexpected find. Michael Howard's experience within the Microsoft organization and David LeBlanc's technical experiences at ISS blend very well to provide a very solid high-level overview of secure coding practices. Of the few texts available for this subject, I would rate this very highly. It is technically neutral enough to survive for longer than it takes me to write this review, while using enough examples to help the reader understand the issues.
This isn't a low-level coding "how-to", and doesn't pretend to be. Providing examples of how to implement every coding algorithm in the short history of coding would be counter-productive. Instead, Howard and LeBlanc provide excellent examples that teach the reader how to think securely, and then carry that information into their coding practices. Phenomenal read, well worth the time.
Most recent customer reviews
4.0 out of 5 stars A good security book especially if you develop on Windows
This is a good book as it does a good job covering the different sources of software insecurities:

- The classical buffer overflows on the stack and on the heap
- ...
Published on Dec 16 2007 by Olivier Langlois
5.0 out of 5 stars I saw this book on a colleague's desk...
...so I picked it up and flipped through it. It is packed with valuable (and useable!) information. This book seems so useful, I ordered myself a copy.
Published on June 11 2002 by Alfred Broderick
5.0 out of 5 stars Stellar!
I have to admit to being somewhat skeptical about this book, but after reading 3/4 of it, my skepticism is gone.
Published on March 5 2002 by Hunter
5.0 out of 5 stars Now I know why it's mandatory reading at Microsoft
Say what you will about Microsoft, but at least they are trying to solve their security ills, and I can see why this book is required reading for all developers at the company.
Published on Feb. 25 2002 by "mikehogs2"
5.0 out of 5 stars Not perfect, but perhaps the best you will get!
This is a wonderful book that covers things that are often glossed over in other security books. For instance, the coverage of access control lists, and the difficulties of...
Published on Feb. 12 2002 by Douglas J. Reilly
5.0 out of 5 stars This is a must read....
This is a must read for today's savvy developer. Michael is obviously a talented individual who shares his insight in a simple, no-nonsense fashion.
Published on Feb. 4 2002 by Lynne Greenslade
5.0 out of 5 stars Crikey!
As a newcomer to security issues in networked systems, I read this book going progressively whiter, realising that most code, my own included, had glaring invitations to the...
Published on Jan. 28 2002
5.0 out of 5 stars An Excellent Book
This book tells you the nuts and bolts of secure programming in great detail and explained real well.
Published on Jan. 17 2002 by "fpjones"
5.0 out of 5 stars Finally! A Great Book about security!
Finally a book written by authors who know their stuff and can express themselves well. I have read many books about security and most of them focus simply on how things work, but...
Published on Jan. 5 2002 by "smash244"
5.0 out of 5 stars If you write software then buy this book!
I bought this after reading other reviews, and like many of them I found this book worth every cent.
Published on Jan. 3 2002 by "puch87"