Paperback Writing Secure Code Book

ISBN: 0735615888

ISBN13: 9780735615885

Writing Secure Code

Format: Paperback

Condition: Like New

Save $35.10!
List Price $39.99

1 Available

Book Overview

Writing Secure Code covers the major aspects of creating secure applications through the entire development process. Its short, easily-digested chapters can provide software designers, architects, developers, and testers with the training, theory, and techniques they need to take the right actions to ensure security.

Customer Reviews

5 ratings

Great book if you're serious about writing secure code

I got this book for free from Microsoft, because our company became a Microsoft Partner. I must admit that at first I was a little bit sceptical about it, because after all this book is published by Microsoft and they have this reputation of selling rather insecure software themselves. But after reading the first few sections I knew it was going to be a very good read. The book explains in very clear language almost every aspect of secure programming and gives a good overview of all common security flaws that can (and will!) enter your programming code. You'll learn how to securely design, implement, test and deploy your programs. Of course buffer overruns are handled (Public Enemy #1 according to the authors), but that's only the tip of the iceberg. The book does a great job by identifying and providing solutions to common security pitfalls. Topics that are handled include: database access, user privileges and Access Control, Cryptography, handling secret data, user input, encoding and internationalization, RPC, DCOM, DOS attacks, .NET and writing secure program documentation. I recommend this book to every programmer out there, even if you're not programming for the Win32-platform. Don't let the fact that this is a Microsoft publication refrain you from buying this book. If you are serious about writing secure programs this is the book to get.

A Must Read for Today's Developer

I bought this book after the *Bill Gates* email came out about Microsoft being serious about security. I figured that when he sends email like this to the company, it's important. And when **he recommends this book** in the email, it's something worth looking at. It is - Writing Secure Code is great. It's an easy read, full of great design, development and testing principles and ideas. The first couple of chapters revolve around design, in fact ch2 is over 70pp long, and it's all about how to design secure systems. The bulk of the book focuses on secure coding, including buffer overruns, sockets, RPC, COM, Crypto, canonicalization issues, least privilege, storing secret data, Web apps - and more! The last part of the book discusses common .NET coding errors, and how to build security test plans. What makes this book utterly unique is it really teaches you how to design and test secure applications, as well as how to write them. The design and test stuff I have seen nowhere else. The book is worth every penny, and I now know why Bill Gates recommends the book to all Microsoft developers.

If you write software then buy this book!

I bought this after reading other reviews, and like many of them I found this book worth every cent. The three major portions of the book: secure design, secure coding and security testing are really well explained. In fact, I have never seen any other material in any book on security design and testing. And to those that think there are no good SSL examples, I have two comments, (a) yes, there is material in the book on when to use SSL (and when not to!) and (b) SSL is no panacea, sometimes SSL is not the correct solution to use, and this book offers exceptional recommendations on how to determine if SSL is indeed the correct solution or not.

Best book I have read about secure software

Too many books talk about how to secure a network, and discuss network-based attacks, but this book is different; it covers how to design, build and test the code at the end of the pipe - the application software. The book is complete in its explanation of how to make sure your application code, be it web-based or otherwise, is secured from attack. I learned a great deal from this book, and, based on code and design reviews of my company's code, the authors obviously know what they are talking about - as we made a lot of fixes, and added many new security test cases to our test suites. Simply put, we never knew we had problems, until we read this book, now it's mandatory reading for all our software engineers.

Great book!

After reading the secure web app chapter, I rushed out and fixed about seven errors in my web-based finance app. The security bugs were bugs I didn't know I had! We've also built cross-site scripting tests based on the commentary in the testing chapter. GREAT BOOK!