About the Book
Practical strategies and proven techniques for building secure applications in a networked world
"WRITING SECURE CODE reveals the battle-tested secrets of two veritable code warriors–directly from the trenches of large-scale commercial software development. It's all here–from design pointers to specific code snippets, DCOM to .NET, the Win32® API to Web programming security, and more. Don't even consider going live with a Win32 application on the Internet without reading this book."
JOEL SCAMBRAY, coauthor of HACKING EXPOSED and HACKING EXPOSED WINDOWS 2000
"Secure software has long been considered an oxymoron, since most developers try to sprinkle security on top of their software products rather than baking it in. This clue-full cookbook is filled with from-the-trenches recipes featuring proven security concepts as key ingredients to make software products safer, more secure, and more reliable."
JOHN PESCATORE, Vice President, Gartner, Inc.
Hackers cost businesses countless dollars and cause developers endless worry every year as they attack networked applications, steal credit-card numbers, deface Web sites, hide back doors and worms, and slow network traffic to a crawl. Keep the bad guys at bay with the tips and techniques in this entertaining, eye-opening book. You'll learn how to padlock your applications throughout the entire development process–from designing secured applications, to writing robust code that can withstand repeated attacks, to testing applications for security flaws. Short, easily digested chapters reveal proven security principles, strategies, and coding techniques to give you the peace of mind that comes from knowing you've done everything you can to make your code not only fast, but hacker-proof. The authors–two battle-scarred veterans who have solved some of the toughest security problems in the industry–also give you sample code in numerous languages to demonstrate the specifics of developing security. If you build networked applications and you care about the security of your product, you need this book.
• CONTEMPORARY SECURITY: Security issues that you should address in every development project
• CODING TECHNIQUES FOR SECURITY: Public enemy #1–the buffer overrun, determining good access control, running with least privilege, cryptographic foibles, storing secrets, and canonical representation issues
• NETWORK-BASED APPLICATION CONSIDERATIONS: Socket security; DCOM security, Microsoft® ActiveX® and RPC applications; protecting against denial of service attacks; and helping to protect the security of Web-based services
• SPECIAL CONSIDERATIONS: Writing managed code for the Microsoft .NET Framework without compromising security, security testing, installing software without compromising security, and general good practices
• APPENDIXES: Dangerous APIs, the Ten Immutable Laws of Security, the Ten Immutable Laws of Security Administration, and lame excuses!
An eBook, sample code, and tools