Writing Secure Code

Fülszöveg

"During th* past two decades, computers have revolutionized the way we live. They are now part of every critical infrastructure, from telecommunications to banking to transportation, and they contain vast amounts of sensitive data, such as personal health and financial records. Building secure software is now more critical than ever to protecting our future, and every software developer must learn how to integrate security into all their projects. Writing Secure Code. which is required reading at Microsoft and which is helping us deliver Trustworthy Computing to our customers, provides developers with the foundation necessary to do security right."
BILL GATES
Chief Software Architect,
Microsoft Corporation
About the Authors
Michael Howard, author of Designing Secure Web-Based Applications for Microsoft^ Windows^ 2000 and coauthor of Writing Secure Code from Microsoft Press, focuses on secure design, programming, and testing as part of the Secure Windows Initiative on the... Tovább

Fülszöveg

"During th* past two decades, computers have revolutionized the way we live. They are now part of every critical infrastructure, from telecommunications to banking to transportation, and they contain vast amounts of sensitive data, such as personal health and financial records. Building secure software is now more critical than ever to protecting our future, and every software developer must learn how to integrate security into all their projects. Writing Secure Code. which is required reading at Microsoft and which is helping us deliver Trustworthy Computing to our customers, provides developers with the foundation necessary to do security right."
BILL GATES
Chief Software Architect,
Microsoft Corporation
About the Authors
Michael Howard, author of Designing Secure Web-Based Applications for Microsoft^ Windows^ 2000 and coauthor of Writing Secure Code from Microsoft Press, focuses on secure design, programming, and testing as part of the Secure Windows Initiative on the Microsoft Windows development team. He is also one of the architects of the Security Push Series at Microsoft. David LeBlanc, coauthor of Writing Secure Code, is a key member of the Trustworthy Computing Initiative at Microsoft and has also worked in network security, writing network auditing tools and conducting internal penetration tests.
Hackers cost countless dollars and cause endless worry every year as they attach networked applications, steal credit-card numbers, deface Web sites, and slow neij^yr traffic to a crawl. Learn techniques that can help keep the bad guys at bay with thi': entertaining, eye-opening book—now updated with the latest security threats plus lessons learned from the recent security pushes at Microsoft. You'll learn how to padlock your applications throughout development—from designing secure applications to writing robust code that can withstand repeated attacks to testing applications for security flaws. Easily digested chapters explain security principles, strategies, and coding techniques that can help make your code more resistant to attack. The authors—two battle-scarred veterans who have solved some of the industry's toughest security problems—provide sample code to demonstrate specific development techniques. If you write code and care about security, you need this book.
Topics include:
¦ Contemporary security: The need for secure systems, and security principles to live by; NEW: Developing with secure coding techniques, and threat modeling
¦ Secure coding techniques: Public enemy #1—the buffer overrun, determining appropriate access control, running with least privilege, cryptographic foibles, protecting secret data, and canonical representation issues; NEW: Preventing evil input, solving database input, Web-based errors including cross-site scripting, and internationalization issues
¦ Even more secure coding techniques: Socket security; securing DCOM, ActiveX* and RPC applications; protecting against denial-of-service attacks; and file-system issues; NEW: Developing Microsoft .NET code with secure coding techniques
¦ Special topics: A rigorous process for testing secure applications, secure software installation, and general good practices; NEW: Performing a security code review; building privacy into your application; and writing complete, clear, and concise security documentation and meaningful error messages
¦ Appendixes: Dangerous APIs, plus ridiculous excuses we've heard and why we still don't believe them; NEW: Security checklists for designers, developers, and testers
Includes sample code on the Web at:
The Companion Content link on microsoft.com/mspress/books/5957.asp For System Requirements, see the book's Introduction.
lSBN-13. 978^ 7356-1722-3 IS8N-10. 0-735&1722-8
To see the full line of Microsoft Press" developer resources, go to: microsoft.com/mspress/developer
Programming/Security
U.S.A. $49.99 Canada $72.99
[Hecornmended]
Part No. X08-92515
978073561722390000 Vissza