Writing Secure Code for Windows Vista (Best Practices (Microsoft)) [Paperback]

Michael Howard (Author), David LeBlanc (Author)

Book Description

ISBN-10: 0735623937 | ISBN-13: 978-0735623934 | Publication Date: April 11, 2007 | Edition: 1

Get the definitive guide to writing more-secure code for Windows Vista—from the authors of the award-winning Writing Secure Code, Michael Howard and David LeBlanc. This reference is ideal for developers who understand the fundamentals of Windows programming and APIs. It complements Writing Secure Code, examining the delta between Windows XP and Windows Vista security. You get first-hand insights into design decisions, lessons learned from Windows Vista development, and practical advice for solving real-world security issues.

Discover how to:

• Develop applications to run without administrator privileges
• Apply best practices for using integrity controls
• Help protect your applications with ASLR, NX, and SafeSEH
• Evaluate authentication, authorization, and cryptography enhancements in Windows Vista
• Write services that restrict privileges and tokens—and sidestep common problems
• Learn how Windows Internet Explorer 7 defenses and new security features affect your development efforts

PLUS—Get Microsoft Visual C#, Visual C++, and C code samples on the Web

Editorial Reviews

From the Publisher

Key Book Benefits:

-Includes coverage of new features, such as ACLs and BitLocker

-Provides a thorough treatment of enhancements to familiar concepts, such as firewalls and authentication

-Includes code samples in C#

About the Author

Michael Howard, CISSP, is a leading security expert. He is a senior security program manager at Microsoft and the coauthor of 19 Deadly Sins of Software Security and the award-winning Writing Secure Code. Michael has worked on Windows security since 1992 and now focuses on secure design, programming, and testing techniques. He is the consulting editor for the Secure Software Development Series of books by Microsoft Press.

David LeBlanc is coauthor of the award-winning Writing Secure Code. He has worked in the software-security industry throughout his professional life and is a senior security technologist in the Information Technology Group at Microsoft where his primary role is helping defend the Microsoft network from attack. Previously, he worked at Internet Security Systems where he was the primary engineer on ISS's award-winning security products. David serves on a number of external security-related advisory boards.

Product Details

• Paperback: 224 pages
• Publisher: Microsoft Press; 1 edition (April 11, 2007)
• Language: English
• ISBN-10: 0735623937
• ISBN-13: 978-0735623934
• Product Dimensions: 8.9 x 7.4 x 0.7 inches
• Shipping Weight: 15.5 ounces
• Average Customer Review: 5.0 out of 5 stars  See all reviews (3 customer reviews)
• Amazon Best Sellers Rank: #1,245,649 in Books (See Top 100 in Books)

Customer Reviews

Most Helpful Customer Reviews

11 of 11 people found the following review helpful:

5.0 out of 5 stars A must read if you develop for Windows Vista, September 22, 2007

By 

Kartones (Madrid, Spain) - See all my reviews

This review is from: Writing Secure Code for Windows Vista (Best Practices (Microsoft)) (Paperback)

Initially I didn't liked Windows Vista. A resource hog, some incompatibilities... But I had to use it at work so I installed it and worked with it for two months. After that, I really like the security features it has, but I felt like missing more details about specific topics... So I decided to buy this book.

Writing Secure Code for Windows Vista comes as a, mostly C++ oriented (although contains some C# examples), "how to use all new features" book. Very well structured, with lots of code examples, best practices, direct to the topic, and one thing I liked a lot: very sincere. If something is working bad, the authors state it clearly (for example, the Windows Firewall API, which has bugs), and they even provide workarounds to avoid them.

Down to the content, the book covers a lot of topics: New safer C functions, banned APIs, new APIs, UAC, token manipulation, integrity levels, code signing, virtualization, buffer overrun defenses, IPv6, Secure Socket extensions, Windows Firewall (Vista version, of course), IE7 security mechanisms & defenses (very interesting), Windows services development best practices, protected mode API and DEP, and the new CNG (Cryptography API: Next Generation).

Even if you don't usually develop with C++ I highly recommend this book. With it you will learn a lot about all the new security features of Vista. You just need some basic knowledge of standard Windows security features and some C++/API programming.

1 of 1 people found the following review helpful:

5.0 out of 5 stars If only all computer books were like this one, July 13, 2008

By 

Johan Johansson (Stockholm Sweden) - See all my reviews
(REAL NAME)   

This review is from: Writing Secure Code for Windows Vista (Best Practices (Microsoft)) (Paperback)

It contains to the point but thorough information of how to write code that breaks as rarely as possible and when it does break exposes as little as possible to an attacker. At the same time the language is clear and enjoyable.

5.0 out of 5 stars Incredible Value, December 17, 2008

By 

Colin B. Maharaj "Hard Working Programmer" (Trinidad) - See all my reviews
(REAL NAME)   

Amazon Verified Purchase

This review is from: Writing Secure Code for Windows Vista (Best Practices (Microsoft)) (Paperback)

I am a C++ Developer and I was able to get my application Vista UAC compliant, with the valuable information in the book.

What was very strange to me was that I got this book for a few dollars used and in very good condition.

Being a windows developer require some patience and effort, this book compliments that effort and makes it rewarding.