Designing Secure Web-Based Applications for Microsoft Windows 2000 [With CDROM]

The book covers a great deal of ground very quickly. Importantly, the material is easy to read and useful. While the focus is on Windows 2000-based technology, much of the book (most notably, threat modelling, and practical authentication, authorization, privacy and non-repudiation) can be applied to other non-MS technologies. The really cool thing I like the most about the book is it is practical, rather then theoretical. The book gave me ammunition to convince management that they need to spend time/money/resources to insure a secure system, and then the book showed me how to choose appropriate technologies to solve security problems.

A great source of wisdom if you build or deploy web-sites. Well written, greath depth and most of all - easy to read. There is lots of new information previously unpublished. It explains how to design, build, and deploy secure systems without resorting to scare-tactics.

Simply put - I learned more about security from this book than any other book I have previously read. The authors describe web security very well and in an easy to understand manner. Best of all _EVERYTHING_ is by example. None of the book is pure theory and every comment is backed up with supporting facts.Also, unlike many books in vogue today, this is not a scare-mongering book. It treats security in a logical, matter-of-fact manner. You'll love it!

I've read many books about computer and network security, and this blows away all of them. It's easy to read, extremeley pragmatic and, as far as I know, it is the ONLY BOOK that discusses how to design, build and troubleshoot end-to-end security. The degree to which Michael discusses 'real-life' security issues is incredible, there is so much information in this book, and I thought I knew how to build secure solutions. You gotta buy this book, it'll save you time and consulting fees.

This is the best IIS security book I've found yet, and I do Microsoft network security consulting for a living. Most IIS books simply rehash the IIS help files or Resource Kit-- this doesn't. Moreover, IIS 5.0 on Windows 2000 is substantially different than IIS 4.0 on NT, but nobody else I've read tackles the new heavy features like Kerberos authentication, digital certificate mapping to Active Directory, IPsec packet filtering for HTTP, distributed applications with COM+/DCOM, WMI, ADSI, etc.. The CD-ROM is also very useful; for example, it includes a Perl script which will search IIS logs for common attack signatures for intrusion detection. This book is written for security administrators and web-application developers. It has saved me MANY hours of trying to track down IIS 5.0 security internals that might not be documented anywhere else.