Enter your mobile number below and we'll send you a link to download the free Kindle App. Then you can start reading Kindle books on your smartphone, tablet, or computer - no Kindle device required.
Getting the download link through email is temporarily not available. Please check back later.

  • Apple
  • Android
  • Windows Phone
  • Android

To get the free app, enter your mobile phone number.

Hacking the Code: ASP.NET Web Application Security 1st Edition

4.4 out of 5 stars 10 customer reviews
ISBN-13: 978-1932266658
ISBN-10: 1932266658
Why is ISBN important?
This bar-code number lets you verify that you're getting exactly the right version or edition of a book. The 13-digit and 10-digit formats both work.
Scan an ISBN with your phone
Use the Amazon App to scan ISBNs and compare prices.
Have one to sell? Sell on Amazon
Buy used On clicking this link, a new layer will be open
$19.97 On clicking this link, a new layer will be open
Buy new On clicking this link, a new layer will be open
$47.22 On clicking this link, a new layer will be open
More Buying Choices
21 New from $28.73 24 Used from $8.03
Free Two-Day Shipping for College Students with Prime Student Free%20Two-Day%20Shipping%20for%20College%20Students%20with%20Amazon%20Student

Windows 10 For Dummies Video Training
Get up to speed with Windows 10 with this video training course from For Dummies. Learn more.
$47.22 FREE Shipping. Only 2 left in stock (more on the way). Ships from and sold by Amazon.com. Gift-wrap available.
click to open popover

Frequently Bought Together

  • Hacking the Code: ASP.NET Web Application Security
  • +
  • Pro ASP.NET Web API Security: Securing ASP.NET Web API (Expert's Voice in .NET)
Total price: $88.01
Buy the selected items together

Editorial Reviews

From the Publisher

Are Your Web Applications Really Secure? This unique book walks you through the many threats to your web application code, from managing and authorizing users and encrypting private data to filtering user input and securing XML. For every defined threat, it provides a menu of solutions and coding considerations. And, it offers coding examples and a set of security policies for each of the corresponding threats. Know the threats to your applications:

* Develop secure password policies and how to securely manage user passwords in your web application.

* Establish a secure procedure for resetting lost or forgotten passwords and discover how to properly use secret questions in that process.

* Securely authenticate and authorize users, taking advantage of the advanced capabilities in ASP.NET

* Limit exposure to credential harvesting and brute force password attacks.

* Securely manage user sessions and learn how to create strong user authentication tokens.

* Work with the built-in state providers and securely implement view state in your forms.

* Make sense of the extensive encryption features in ASP.NET and employ symmetric and asymmetric encryption for sensitive data.

* Properly encrypt and store secrets to the registry, a file, or the protected store.

* Filter user input to prevent from SQL injection, directory traversal, cross-site scripting and other application-level attacks.

* Apply techniques such as pattern matching and data reflecting to control exposure to malicious input attacks.

* Configure honey drops to detect attacks on your web application

* Configure IIS and ASP.NET to constrain buffer overflow, denial of service, and other attacks.

* Write secure database access code.

* Secure databases and database drivers.

* Construct secure HTML markup to limit exposure to cross-site scripting and cross-site request forgery attacks.

* Use structured error handling to prevent failure conditions that open holes or reveal sensitive information.
· Integrate XML encryption and apply XML digital signatures. Your Solutions Membership Gives You Access to:
Comprehensive FAQ page that consolidates all of the key points of this book into an easy to search web page
"From the Author" Forum where the authors post timely updates and links to related sites
The complete code listings from the book
These downloadable e-booklets:
Stealing The Network: How to Own a Continent: Product of Fate: The Evolution of a Hacker
Special Ops: Host and Network Security for Microsoft, Unix, and Oracle: Hacking Custom Web Applications
CYA: Securing IIS: Configuring Advanced Web Server Security
IT Ethics Handbook: Programmers and Analysts

About the Author

Mark Burnett (Microsoft MVP) is an independent security consultant, freelance writer, and a specialist in securing Windows-based IIS Web servers. Mark is co-author of Maximum Windows Security and is a contributor to Dr. Tom Shinder's ISA Server and Beyond: Real World Security Solutions for Microsoft Enterprise Networks (Syngress Publishing, ISBN: 1-931836-66-3). He is a contributor and technical editor for Syngress Publishing's Special Ops: Host and Network Security for Microsoft, UNIX, and Oracle (ISBN: 1-931836-69-8). Mark speaks at various security conferences and has published articles in Windows & .NET, Information Security, Windows Web Solutions, Security Administrator, and is a regular contributor at SecurityFocus.com. Mark also publishes articles on his own Web site, IISSecurity.info.

James C. Foster (Technical Editor) is the Deputy Director, Global Security Development for Computer Sciences Corporation where he is leading the task of developing and delivering managed, educational, informational, consulting, and outsourcing security services. Prior to joining CSC, Foster was the Director of Research and Development for Foundstone Inc. and was responsible for all aspects of product and corporate R&D including corporate strategy and international market expansion. Preceding Foundstone, Foster was a Senior Advisor and Research Scientist with Guardent Inc. (acquired by Verisign in 2004 for $135 Million) and an adjunct author at Information Security Magazine (acquired for an undisclosed amount by TechTarget in 2003.) He is commonly asked to comment on pertinent security issues and has been sited in USAToday, Information Security Magazine, Baseline, Computer World, Secure Computing, and the MIT Technologist. James has co-authored or contributed to Snort 2.0 Intrusion Detection (Syngress, ISBN: 1931836744), and Special Ops Host and Network Security for Microsoft, Unix, and Oracle (Syngress, ISBN: 1931836698) as well as Hacking Exposed, Fourth Edition, Advanced Intrusion Detection, Anti-Hacker Toolkit Second Edition, and Anti-Spam Toolkit. James has attended Yale, Harvard, and the University of Maryland and has an AS, BS, MBA and is currently a Fellow at the University of Pennsylvania's Wharton School of Business.


New York Times best sellers
Browse the New York Times best sellers in popular categories like Fiction, Nonfiction, Picture Books and more. See more

Product Details

  • Hardcover: 447 pages
  • Publisher: Syngress; 1 edition (May 8, 2004)
  • Language: English
  • ISBN-10: 1932266658
  • ISBN-13: 978-1932266658
  • Product Dimensions: 7 x 1.1 x 9.1 inches
  • Shipping Weight: 1.4 pounds (View shipping rates and policies)
  • Average Customer Review: 4.4 out of 5 stars  See all reviews (10 customer reviews)
  • Amazon Best Sellers Rank: #2,010,117 in Books (See Top 100 in Books)

Customer Reviews

Top Customer Reviews

By D. Bilby on September 26, 2004
Format: Hardcover
I picked up this book after briefly meeting Mark Burnett at Blackhat this year. I've got to say it is really well written, well laid out and covers off all the major .NET issues in impressive detail. I review web application security for a living and I still learnt a thing or two :)

The way in which he covers each of the common web programming flaws means it would still be useful to those who aren't already familiar with the details of application security.

By using a lot of useful code examples, and the excellent summary sections make it a good reference book which will stay handy on my shelf for a long while.
Comment 4 people found this helpful. Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
Format: Hardcover
This is a great book with a lot of really good ideas on improving ASP.NET applications and ASP.NET security. The book is organized into "ideas" which can help secure an ASP.NET (or really any) application. Beneath each idea is a list of what type of threats the specific idea mitigates, followed by the actual ASP.NET implementation. One thing I really liked about this book is that it's presented in a way which helps illustrate how hackers could infiltrate your web applications. I found this to be very effective in driving home a security lesson.

The book is organized into ten different sections on aspects of ASP.NET security, which range from user management (which includes how to handle user names, passwords, and the like) to developing applications with security in mind (which includes issues like cross-site scripting attacks and error logging). Many sites with user management features provide a "Secret Question", which is used in case you forget your password. The secret questions often include questions like "What is the name of your favorite pet?" or "What city were you born in?". The book goes on to show that the secret question concept goes against everything security experts have been saying by demonstrating how hackers can use brute-force attacks along with educated guesses to gain unauthorized access.

This book even discussed connection string issues and encryption in config files, which is an issue I am currently struggling with. Code examples are provided for all of the ideas presented, which are generally quite clever in and of themselves.

If you are serious about improving the security in your ASP.NET applications, then do yourself a favor and read this book. I think you will find it was time well-spent.
Comment 3 people found this helpful. Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
Format: Hardcover
I can't say enough good things about Mark Burnett's book Hacking the Code. From beginning to end it is a great read and a great resource. What impressed me from the beginning is how he was able to take such a wide range of difficult topics and make them sound so down to earth. The writing style is so polished and friendly that you almost forget that you are reading about pretty intensive topics.

I was continually impressed at how well formatted the book was. Now, that almost seems unimportant to mention but it's not. Each section gives the goals of that section, the topic thoroughly covered, and then a summary, worth reading I must add, to close off the section. This impressed me because it is easy to read this from cover to cover and quickly grasp the subject matter. Or, if you are reviewing the section, you can use the summary to be reminded of the key points.

VB.Net and C# code examples are plentiful, completely usable and easy to understand.

This book is a must read. Even with the topics that I already had a good handle on, I felt that I was continually picking up new pieces of information and being challenged to review the security I already had in place.

Hacking the Code is an easy read covering difficult topics in a consistent, complete and concise manner. I highly recommend this book without reservation.
Comment 3 people found this helpful. Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
Format: Hardcover
I liked the content here a lot but the organization needs work, and the text is really too terse. In fact, I felt like I was reading an outline. Granted, there are code samples and the book covers all of the important basics, like security database access, validating user input and encrypting critical data.

This is good introductory material on the serious security issues that need to be dealt with when you are developing any web application (not just ASP.NET). But the organization, for me, really detracts from the value of the work.

The book is organized into chapters along the high level groups of issues like data security, sessions, and authentication. Then within each chapter there are a set of threats with discussions and example code. Think of it like a cookbook where the definition of the problem is a lot more terse. At the end of each chapter is a check list and a short FAQ section.

This is not an introductory level book. This is for engineers who understand the ASP.NET framework and are looking for practical advice on how to secure their applications against malicious use.
Comment 2 people found this helpful. Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
Format: Hardcover
Personally I work as a penetration tester, so Hacking the Code was right up my alley. I read the book over the course of a day, stuck at an airport. (...)Mark has a certain way of showing information to the reader in a very clear and thought-out manor. Content of the book may be of highly technical nature but it is very easy to read (a rare mix). By the end of the book I felt like I knew everything about ASP, its amazing how much there really is to know.
If you work in the security industry then this book is a must, however, if you are a developer, webmaster or even someone curious about code security, READ IT.

Highly recommend
Comment 2 people found this helpful. Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse

Set up an Amazon Giveaway

Hacking the Code: ASP.NET Web Application Security
Amazon Giveaway allows you to run promotional giveaways in order to create buzz, reward your audience, and attract new followers and customers. Learn more about Amazon Giveaway
This item: Hacking the Code: ASP.NET Web Application Security