Customer Reviews

Designing Secure Web-Based Applications for Microsoft Windows 2000 (DV-MPS Designing)

5 star:		(13)
4 star:		(0)
3 star:		(1)
2 star:		(0)
1 star:		(1)

 

 

This is the best IIS security book I've found yet, and I do Microsoft network security consulting for a living. Most IIS books simply rehash the IIS help files or Resource Kit-- this doesn't. Moreover, IIS 5.0 on Windows 2000 is substantially different than IIS 4.0 on NT, but nobody else I've read tackles the new heavy features like Kerberos authentication, digital certificate mapping to Active Directory, IPsec packet filtering for HTTP, distributed applications with COM+/DCOM, WMI, ADSI, etc.. The CD-ROM is also very useful; for example, it includes a Perl script which will search IIS logs for common attack signatures for intrusion detection. This book is written for security administrators and web-application developers. It has saved me MANY hours of trying to track down IIS 5.0 security internals that might not be documented anywhere else.

The book covers a great deal of ground very quickly. Importantly, the material is easy to read and useful. While the focus is on Windows 2000-based technology, much of the book (most notably, threat modelling, and practical authentication, authorization, privacy and non-repudiation) can be applied to other non-MS technologies.

The really cool thing I like the most about the book is it is practical, rather then theoretical.

The book gave me ammunition to convince management that they need to spend time/money/resources to insure a secure system, and then the book showed me how to choose appropriate technologies to solve security problems.

A great source of wisdom if you build or deploy web-sites. Well written, greath depth and most of all - easy to read. There is lots of new information previously unpublished.

It explains how to design, build, and deploy secure systems without resorting to scare-tactics.

Simply put - I learned more about security from this book than any other book I have previously read. The authors describe web security very well and in an easy to understand manner. Best of all _EVERYTHING_ is by example. None of the book is pure theory and every comment is backed up with supporting facts.

Also, unlike many books in vogue today, this is not a scare-mongering book. It treats security in a logical, matter-of-fact manner.

You'll love it!

I've read many books about computer and network security, and this blows away all of them. It's easy to read, extremeley pragmatic and, as far as I know, it is the ONLY BOOK that discusses how to design, build and troubleshoot end-to-end security. The degree to which Michael discusses 'real-life' security issues is incredible, there is so much information in this book, and I thought I knew how to build secure solutions.

You gotta buy this book, it'll save you time and consulting fees.

I have always thought that n-tier security was next to impossible. This books proves it isn't. The book discusses the pros and cons of various ways of building secure n-tier applications.

Covers browser, Windows 2000, IIS, COM+ and SQL Server security as well as Kerberos, Certificates, Keys, SSL/TLS and much, much more. And it's all very cohesive!

Covers lots of security topics including ACLs, Active Directory, IIS security, COM+, X.509 certificates, Kerberos, etc. This book explains even the most advanced material in a language you can actually understand. Useful for experts and beginners alike.

This book covers all issues pertaining to building and securing web applications. From the browser all the way to the database server. This is the only book I've read which includes database and component security as a critical part of the solution.

Highly Recommended.

The best book I've read regarding web security. Covers a lot of ground, quickly and logically. I didn't realise there was so much to learn. The author's obviously know their stuff and have had their fair share of battle wounds, it shows in the non-alarming wisdom throughout the book. They've 'been there, done that.'

Covers all the bases for building secure applications, not just little bits of security. This is a failing of so many other security books.

Security is a strong as the weakest link and this is the only book that covers all the links.

I was dissapointed with this book because it did not go to the depth a developer would need to make the most of the Windows 2000/NT security technologies. It does give a great overview of Windows 2000/NT security but offers very little to those who are already familiar with the concepts already.