Programmer's Ultimate Security DeskRef

If you're a typical programmer, you may be unaware of the potential security risks of certain statements in your language of choice. The new book Programmer's Ultimate Security DeskRef by James C. Foster (Syngress) can help you in that area. Chapter List: ASP; C; C++; C#; ColdFusion; JavaScript; JScript; LISP; Perl; PHP; Python; VBA; VBScript For as far as this book goes, it does a nice job. Each chapter for a language lists the language, and how it's used (like an example program line). There's a summary of what it does, along with a short description of how it should be used. You then get into the security aspect with a section on risk (how it might be used or exploited by an attacker), impact of the risk, and a list of additional resources where you can find more information on the risk issue. Finally, if applicable, there's a cross-reference to any other language statements that might have the same issue. The information that's contained in the book is good, to be sure. If you use any of these languages in your normal coding efforts, you'll likely discover hidden risks in your program that you didn't know existed. I would have liked to see two other features in the book, however. The first thing I would have liked is to see a more concrete example of the potential exploit. Some of the risk assessments are general in nature, and you might have a hard time trying to bridge the gap between general caution and actual usage. And second, it seems like there could have been some additional languages added to the mix. Visual Basic isn't included (although it could be argued that VBA is close enough). Java seems to be an obvious exclusion, and it would have been much more valuable to me with that language included. And if you included ASP, you could have just as easily included JSP along with it. Even with those omission or caveats, it's still a valuable addition to a programmer's bookshelf.