Visual Basic.Net Code Security Handbook

I found this to be one of the better Wrox books I have read in quite some time. Many of the topics discussed in this book should be common knowledge in the .NET world, but I can guarantee they are not. In fact, I cently was involved in a panel discussion at a popular developer conference, and then the panelists asked the audience who used code access security, not a single hand was raised.This book covers many .Net security topics very well. It is intended as a handbook, and its size keeps the focus somewhat narrow. For this reason, every serious developer should have more security literature than just this book. On the other hand, if every developer just set aside the few hours it takes to read this book, then we would have much more secure software.Bottom line: Great book that does exactly what it set out to do. However, reading additional security books such as Writing Solid Code as well as other .NET specific security books is highly recommended.

Should be required reading for all .NET developers, both C# and VB.NET. Chapters 5 & 6 are strong, with some good lessons on leveraging the .NET security framework and overall secure coding techniques.

So you're wading into the .net world and there's talk of code access security? Where do you start?With an entire chapter devoted to 'How to write insecure code' followed by a chapter devoted to 'How to write secure code', Lippert's book shows us the common mistakes (even if we have the right intentions) that can leave our .Net code vunerable to attack and he shows ways to secure it. Even more is offered up for digestion in the chapter called 'Spot the Security Bug' - or perhaps it could be entitled 'have you understood all that you've read so far?'This book definitely opened my eyes to security risks that I've never even contemplated... And if you want to star in the next movie on cryptography, that's dealt with as well - though I didn't read that chapter myself.So is this book worth it? Will it help you to start using the code security features of .Net? Yes. It definitely gets you started and you'll be able to do some basic but very powerful security quickly with a bit of practice. And thanks to all the tips on bad techniques, you'll avoid making mistakes that could leave your apps exposed.Does it leave you wanting more? Yes. But in all fairness it is a 'Handbook'. I would also say that experienced developers would get more from this book than rookies like myself. I expect as my experience developes, I'll be going back to this book more and more. What would I add? .Net comes with a variety of utilities. Some of these are briefly covered. There are tools to secure and view assembly permissions - I'd got more if this book combined the code security aspect with the use of these utilities and walked me through some real world examples - CASPOOL.exe and PERMVIEW.exe are not covered in any great detail - but would augment the subject matter nicely if they were. For those new to the .Net world (aren't we all? but I mean really new), I think atleast one chapter that details a simple app would be nice - it could cover everything from1) XP/NT security settings and perhaps show how to do a few basic things here2) The stuff that this book already does well - code security3) Using various utilities that come with visual studio .net to view permissions, set permissions on assemblies 4) and for good measure, give us some tips on how to test some of this security - how do you test something you're preventing from happening so you know it works? (some details are offered in the book on this and I found them useful)But again, in fairness to the author, that's more a 500 pager type of book and this is a handbook. If Code Security is mysterious to you or you know just enough to want more details, this book is a great start.