Customer Reviews


10 Reviews
5 star: (7)
4 star: (2)
3 star: (0)
2 star: (0)
1 star: (1)
 
 
 
 
 

4 of 4 people found the following review helpful:
5.0 out of 5 stars Highly recommended, September 26, 2004
By D. Bilby (Auckland, New Zealand)
This review is from: Hacking the Code: ASP.NET Web Application Security (Hardcover)
I picked up this book after briefly meeting Mark Burnett at Blackhat this year. I've got to say it is really well written, well laid out and covers off all the major .NET issues in impressive detail. I review web application security for a living and I still learnt a thing or two :)
The way in which he covers each of the common web programming flaws means it would still be useful to those who aren't already familiar with the details of application security.
The use of a lot of useful code examples and the excellent summary sections make it a good reference book which will stay handy on my shelf for a long while.


3 of 3 people found the following review helpful:
5.0 out of 5 stars Great security ideas, October 3, 2004
By ueberhund "ueberhund" (Salt Lake City, UT United States)
This review is from: Hacking the Code: ASP.NET Web Application Security (Hardcover)
This is a great book with a lot of really good ideas on improving ASP.NET applications and ASP.NET security. The book is organized into "ideas" which can help secure an ASP.NET (or really any) application. Beneath each idea is a list of what type of threats the specific idea mitigates, followed by the actual ASP.NET implementation. One thing I really liked about this book is that it's presented in a way which helps illustrate how hackers could infiltrate your web applications. I found this to be very effective in driving home a security lesson.

The book is organized into ten different sections on aspects of ASP.NET security, which range from user management (which includes how to handle user names, passwords, and the like) to developing applications with security in mind (which includes issues like cross-site scripting attacks and error logging). Many sites with user management features provide a "Secret Question", which is used in case you forget your password. The secret questions often include questions like "What is the name of your favorite pet?" or "What city were you born in?". The book goes on to show that the secret question concept goes against everything security experts have been saying by demonstrating how hackers can use brute-force attacks along with educated guesses to gain unauthorized access.

This book even discussed connection string issues and encryption in config files, which is an issue I am currently struggling with. Code examples are provided for all of the ideas presented, which are generally quite clever in and of themselves.

If you are serious about improving the security in your ASP.NET applications, then do yourself a favor and read this book. I think you will find it was time well-spent.


3 of 3 people found the following review helpful:
5.0 out of 5 stars Must read for people of all technical levels, September 23, 2004
This review is from: Hacking the Code: ASP.NET Web Application Security (Hardcover)
I can't say enough good things about Mark Burnett's book Hacking the Code. From beginning to end it is a great read and a great resource. What impressed me from the beginning is how he was able to take such a wide range of difficult topics and make them sound so down to earth. The writing style is so polished and friendly that you almost forget that you are reading about pretty intensive topics.

I was continually impressed at how well formatted the book was. Now, that almost seems unimportant to mention but it's not. Each section gives the goals of that section, the topic thoroughly covered, and then a summary, worth reading I must add, to close off the section. This impressed me because it is easy to read this from cover to cover and quickly grasp the subject matter. Or, if you are reviewing the section, you can use the summary to be reminded of the key points.

VB.Net and C# code examples are plentiful, completely usable and easy to understand.

This book is a must read. Even with the topics that I already had a good handle on, I felt that I was continually picking up new pieces of information and being challenged to review the security I already had in place.

Hacking the Code is an easy read covering difficult topics in a consistent, complete and concise manner. I highly recommend this book without reservation.


2 of 2 people found the following review helpful:
5.0 out of 5 stars Secure Coding 101, August 31, 2005
By Paul Craig (California, USA)
This review is from: Hacking the Code: ASP.NET Web Application Security (Hardcover)
Personally I work as a penetration tester, so Hacking the Code was right up my alley. I read the book over the course of a day, stuck at an airport. (...) Mark has a certain way of showing information to the reader in a very clear and thought-out manner. Content of the book may be of highly technical nature but it is very easy to read (a rare mix). By the end of the book I felt like I knew everything about ASP; it's amazing how much there really is to know.
If you work in the security industry then this book is a must, however, if you are a developer, webmaster or even someone curious about code security, READ IT.

Highly recommend


2 of 2 people found the following review helpful:
4.0 out of 5 stars Terse ASP.NET security insights, November 6, 2004
This review is from: Hacking the Code: ASP.NET Web Application Security (Hardcover)
I liked the content here a lot but the organization needs work, and the text is really too terse. In fact, I felt like I was reading an outline. Granted, there are code samples and the book covers all of the important basics, like security database access, validating user input and encrypting critical data.

This is good introductory material on the serious security issues that need to be dealt with when you are developing any web application (not just ASP.NET). But the organization, for me, really detracts from the value of the work.

The book is organized into chapters along the high level groups of issues like data security, sessions, and authentication. Then within each chapter there are a set of threats with discussions and example code. Think of it like a cookbook where the definition of the problem is a lot more terse. At the end of each chapter is a check list and a short FAQ section.

This is not an introductory level book. This is for engineers who understand the ASP.NET framework and are looking for practical advice on how to secure their applications against malicious use.


1 of 1 people found the following review helpful:
5.0 out of 5 stars Spot on, February 6, 2008
This review is from: Hacking the Code: ASP.NET Web Application Security (Hardcover)
In my never-ending attempt to educate myself on web application security I thought it would be a great idea to look at this from the developer perspective. This text is a great piece on the ASP.NET side of development and security. It does a great job of showing what the developer may normally code and why that is NOT security oriented. It is a great tool for bridging the gap between security team and developer team so that you can speak intelligently on both even though you are NOT a developer or security professional. If you have an ASP.NET dev shop in your environment you should have someone if not everyone from your dev and security teams read this book to facilitate a more open line of communication between the two. Highly recommended.


1 of 1 people found the following review helpful:
5.0 out of 5 stars The best book for any VB.NET and C# Programmer, August 5, 2004
This review is from: Hacking the Code: ASP.NET Web Application Security (Hardcover)
If one is programming any web application in ASP.Net this is the book to read. It is what is expected from Mark Burnett. I find myself coming back to the book time and time again to get ideas on ways to make my code more secure. This is a must buy for anyone who writes web applications.


4.0 out of 5 stars Definitely a worthy book for developers and security pros alike, September 3, 2008
By Kevin Beaver (Atlanta, GA USA)
This review is from: Hacking the Code: ASP.NET Web Application Security (Hardcover)
Hacking the Code is a must read if you want to pick apart .NET Web applications in the name of better security. More people in development and IT need to read books like this. I like how it focuses on ASP.NET - the language that a large portion of Web applications are developed in today. The book covers the important areas of securing applications and shows some good examples. Appendix A also has some good ASP.NET code samples for real-world concerns.

I especially like the coverage on authentication mechanisms, which is something that's often taken for granted by developers but where I tend to find a lot of the weaknesses in the work I do. Plus it doesn't just focus on the technical side of things, with the coverage of user awareness and policies. Overall, very good at covering the root of many of our security problems.


5.0 out of 5 stars Great book, September 8, 2006
This review is from: Hacking the Code: ASP.NET Web Application Security (Hardcover)
English is not my native language, but this book has clear language that is easy to understand, and the examples are very good. The writer tells many experiences that he faced in the past about security, its vulnerabilities and precautions.
I highly recommend this book.


0 of 10 people found the following review helpful:
1.0 out of 5 stars very unprofessional, June 9, 2005
By A. Shefer (Toronto, Ontario Canada)
This review is from: Hacking the Code: ASP.NET Web Application Security (Hardcover)
The authors can't connect two words together. Don't waste money on this book.


Hacking the Code: ASP.NET Web Application Security by Mark Burnett (Hardcover - May 8, 2004)