Programming Books C Java PHP Python Learn more Browse Programming Books
Hacking the Code and over one million other books are available for Amazon Kindle. Learn more
Qty:1
  • List Price: $54.95
  • Save: $8.02 (15%)
Only 4 left in stock (more on the way).
Ships from and sold by Amazon.com.
Gift-wrap available.
FREE Shipping on orders over $35.
Condition: Used: Good
Comment: Used in Worn Condition. No CD or Access Code. Ex-library books. Some Markings. Small tears and wear on corners and edges
Access codes and supplements are not guaranteed with used items.
Have one to sell? Sell on Amazon
Flip to back Flip to front
Listen Playing... Paused   You're listening to a sample of the Audible audio edition.
Learn more
See this image

Hacking the Code: ASP.NET Web Application Security Hardcover – Illustrated, May 8, 2004

ISBN-13: 079-2502666586 ISBN-10: 1932266658 Edition: 1st

Buy New
Price: $46.93
27 New from $19.58 42 Used from $0.12
Amazon Price New from Used from
Kindle
"Please retry"
Hardcover, Illustrated
"Please retry"
$46.93
$19.58 $0.12
Paperback
"Please retry"
Free%20Two-Day%20Shipping%20for%20College%20Students%20with%20Amazon%20Student


Frequently Bought Together

Hacking the Code: ASP.NET Web Application Security + Programming .Net Security
Price for both: $82.33

Buy the selected items together
  • Programming .Net Security $35.40

NO_CONTENT_IN_FEATURE

Shop the new tech.book(store)
New! Introducing the tech.book(store), a hub for Software Developers and Architects, Networking Administrators, TPMs, and other technology professionals to find highly-rated and highly-relevant career resources. Shop books on programming and big data, or read this week's blog posts by authors and thought-leaders in the tech industry. > Shop now

Product Details

  • Hardcover: 447 pages
  • Publisher: Syngress; 1 edition (May 8, 2004)
  • Language: English
  • ISBN-10: 1932266658
  • ISBN-13: 978-1932266658
  • Product Dimensions: 10.1 x 7.2 x 1.3 inches
  • Shipping Weight: 1.4 pounds (View shipping rates and policies)
  • Average Customer Review: 4.4 out of 5 stars  See all reviews (10 customer reviews)
  • Amazon Best Sellers Rank: #1,941,703 in Books (See Top 100 in Books)

Editorial Reviews

From the Publisher

Are Your Web Applications Really Secure? This unique book walks you through the many threats to your web application code, from managing and authorizing users and encrypting private data to filtering user input and securing XML. For every defined threat, it provides a menu of solutions and coding considerations. And, it offers coding examples and a set of security policies for each of the corresponding threats. Know the threats to your applications:

* Develop secure password policies and how to securely manage user passwords in your web application.

* Establish a secure procedure for resetting lost or forgotten passwords and discover how to properly use secret questions in that process.

* Securely authenticate and authorize users, taking advantage of the advanced capabilities in ASP.NET

* Limit exposure to credential harvesting and brute force password attacks.

* Securely manage user sessions and learn how to create strong user authentication tokens.

* Work with the built-in state providers and securely implement view state in your forms.

* Make sense of the extensive encryption features in ASP.NET and employ symmetric and asymmetric encryption for sensitive data.

* Properly encrypt and store secrets to the registry, a file, or the protected store.

* Filter user input to prevent from SQL injection, directory traversal, cross-site scripting and other application-level attacks.

* Apply techniques such as pattern matching and data reflecting to control exposure to malicious input attacks.

* Configure honey drops to detect attacks on your web application

* Configure IIS and ASP.NET to constrain buffer overflow, denial of service, and other attacks.

* Write secure database access code.

* Secure databases and database drivers.

* Construct secure HTML markup to limit exposure to cross-site scripting and cross-site request forgery attacks.

* Use structured error handling to prevent failure conditions that open holes or reveal sensitive information.
· Integrate XML encryption and apply XML digital signatures. Your Solutions Membership Gives You Access to:
Comprehensive FAQ page that consolidates all of the key points of this book into an easy to search web page
"From the Author" Forum where the authors post timely updates and links to related sites
The complete code listings from the book
These downloadable e-booklets:
Stealing The Network: How to Own a Continent: Product of Fate: The Evolution of a Hacker
Special Ops: Host and Network Security for Microsoft, Unix, and Oracle: Hacking Custom Web Applications
CYA: Securing IIS: Configuring Advanced Web Server Security
IT Ethics Handbook: Programmers and Analysts

About the Author

Mark Burnett (Microsoft MVP) is an independent security consultant, freelance writer, and a specialist in securing Windows-based IIS Web servers. Mark is co-author of Maximum Windows Security and is a contributor to Dr. Tom Shinder's ISA Server and Beyond: Real World Security Solutions for Microsoft Enterprise Networks (Syngress Publishing, ISBN: 1-931836-66-3). He is a contributor and technical editor for Syngress Publishing's Special Ops: Host and Network Security for Microsoft, UNIX, and Oracle (ISBN: 1-931836-69-8). Mark speaks at various security conferences and has published articles in Windows & .NET, Information Security, Windows Web Solutions, Security Administrator, and is a regular contributor at SecurityFocus.com. Mark also publishes articles on his own Web site, IISSecurity.info.

James C. Foster (Technical Editor) is the Deputy Director, Global Security Development for Computer Sciences Corporation where he is leading the task of developing and delivering managed, educational, informational, consulting, and outsourcing security services. Prior to joining CSC, Foster was the Director of Research and Development for Foundstone Inc. and was responsible for all aspects of product and corporate R&D including corporate strategy and international market expansion. Preceding Foundstone, Foster was a Senior Advisor and Research Scientist with Guardent Inc. (acquired by Verisign in 2004 for $135 Million) and an adjunct author at Information Security Magazine (acquired for an undisclosed amount by TechTarget in 2003.) He is commonly asked to comment on pertinent security issues and has been sited in USAToday, Information Security Magazine, Baseline, Computer World, Secure Computing, and the MIT Technologist. James has co-authored or contributed to Snort 2.0 Intrusion Detection (Syngress, ISBN: 1931836744), and Special Ops Host and Network Security for Microsoft, Unix, and Oracle (Syngress, ISBN: 1931836698) as well as Hacking Exposed, Fourth Edition, Advanced Intrusion Detection, Anti-Hacker Toolkit Second Edition, and Anti-Spam Toolkit. James has attended Yale, Harvard, and the University of Maryland and has an AS, BS, MBA and is currently a Fellow at the University of Pennsylvania's Wharton School of Business.


More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

4.4 out of 5 stars
5 star
7
4 star
2
3 star
0
2 star
0
1 star
1
See all 10 customer reviews
This impressed me because it is easy to read this from cover to cover and quickly grasp the subject matter.
Scott Forsyth
One thing I really liked about this book is that it's presented in a way which helps illustrate how hackers could infiltrate your web applications.
ueberhund
By the end of the book I felt like I knew everything about ASP, its amazing how much there really is to know.
Paul Craig

Most Helpful Customer Reviews

4 of 4 people found the following review helpful By D. Bilby on September 26, 2004
Format: Hardcover
I picked up this book after briefly meeting Mark Burnett at Blackhat this year. I've got to say it is really well written, well laid out and covers off all the major .NET issues in impressive detail. I review web application security for a living and I still learnt a thing or two :)

The way in which he covers each of the common web programming flaws means it would still be useful to those who aren't already familiar with the details of application security.

By using a lot of useful code examples, and the excellent summary sections make it a good reference book which will stay handy on my shelf for a long while.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
3 of 3 people found the following review helpful By ueberhund VINE VOICE on October 3, 2004
Format: Hardcover
This is a great book with a lot of really good ideas on improving ASP.NET applications and ASP.NET security. The book is organized into "ideas" which can help secure an ASP.NET (or really any) application. Beneath each idea is a list of what type of threats the specific idea mitigates, followed by the actual ASP.NET implementation. One thing I really liked about this book is that it's presented in a way which helps illustrate how hackers could infiltrate your web applications. I found this to be very effective in driving home a security lesson.

The book is organized into ten different sections on aspects of ASP.NET security, which range from user management (which includes how to handle user names, passwords, and the like) to developing applications with security in mind (which includes issues like cross-site scripting attacks and error logging). Many sites with user management features provide a "Secret Question", which is used in case you forget your password. The secret questions often include questions like "What is the name of your favorite pet?" or "What city were you born in?". The book goes on to show that the secret question concept goes against everything security experts have been saying by demonstrating how hackers can use brute-force attacks along with educated guesses to gain unauthorized access.

This book even discussed connection string issues and encryption in config files, which is an issue I am currently struggling with. Code examples are provided for all of the ideas presented, which are generally quite clever in and of themselves.

If you are serious about improving the security in your ASP.NET applications, then do yourself a favor and read this book. I think you will find it was time well-spent.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
3 of 3 people found the following review helpful By Scott Forsyth on September 23, 2004
Format: Hardcover
I can't say enough good things about Mark Burnett's book Hacking the Code. From beginning to end it is a great read and a great resource. What impressed me from the beginning is how he was able to take such a wide range of difficult topics and make them sound so down to earth. The writing style is so polished and friendly that you almost forget that you are reading about pretty intensive topics.

I was continually impressed at how well formatted the book was. Now, that almost seems unimportant to mention but it's not. Each section gives the goals of that section, the topic thoroughly covered, and then a summary, worth reading I must add, to close off the section. This impressed me because it is easy to read this from cover to cover and quickly grasp the subject matter. Or, if you are reviewing the section, you can use the summary to be reminded of the key points.

VB.Net and C# code examples are plentiful, completely usable and easy to understand.

This book is a must read. Even with the topics that I already had a good handle on, I felt that I was continually picking up new pieces of information and being challenged to review the security I already had in place.

Hacking the Code is an easy read covering difficult topics in a consistent, complete and concise manner. I highly recommend this book without reservation.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
2 of 2 people found the following review helpful By Jack D. Herrington on November 6, 2004
Format: Hardcover
I liked the content here a lot but the organization needs work, and the text is really too terse. In fact, I felt like I was reading an outline. Granted, there are code samples and the book covers all of the important basics, like security database access, validating user input and encrypting critical data.

This is good introductory material on the serious security issues that need to be dealt with when you are developing any web application (not just ASP.NET). But the organization, for me, really detracts from the value of the work.

The book is organized into chapters along the high level groups of issues like data security, sessions, and authentication. Then within each chapter there are a set of threats with discussions and example code. Think of it like a cookbook where the definition of the problem is a lot more terse. At the end of each chapter is a check list and a short FAQ section.

This is not an introductory level book. This is for engineers who understand the ASP.NET framework and are looking for practical advice on how to secure their applications against malicious use.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
2 of 2 people found the following review helpful By Paul Craig on August 31, 2005
Format: Hardcover
Personally I work as a penetration tester, so Hacking the Code was right up my alley. I read the book over the course of a day, stuck at an airport. (...)Mark has a certain way of showing information to the reader in a very clear and thought-out manor. Content of the book may be of highly technical nature but it is very easy to read (a rare mix). By the end of the book I felt like I knew everything about ASP, its amazing how much there really is to know.
If you work in the security industry then this book is a must, however, if you are a developer, webmaster or even someone curious about code security, READ IT.

Highly recommend
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again

Customer Images


What Other Items Do Customers Buy After Viewing This Item?