- Paperback: 408 pages
- Publisher: Addison-Wesley Professional; 1 edition (October 7, 2004)
- Language: English
- ISBN-10: 0321228359
- ISBN-13: 978-0321228352
- Product Dimensions: 6.9 x 1 x 9 inches
- Shipping Weight: 1.7 pounds (View shipping rates and policies)
- Average Customer Review: 3.9 out of 5 stars See all reviews (18 customer reviews)
- Amazon Best Sellers Rank: #2,261,367 in Books (See Top 100 in Books)
Enter your mobile number or email address below and we'll send you a link to download the free Kindle App. Then you can start reading Kindle books on your smartphone, tablet, or computer - no Kindle device required.
To get the free app, enter your mobile phone number.
The .NET Developer's Guide to Windows Security 1st Edition
Use the Amazon App to scan ISBNs and compare prices.
See the Best Books of 2017 So Far
Looking for something great to read? Browse our editors' picks for the best books of the year so far in fiction, nonfiction, mysteries, children's books, and much more.
Frequently bought together
Customers who viewed this item also viewed
From the Back Cover
"As usual, Keith masterfully explains complex security issues in down-to-earth and easy-to-understand language. I bet you'll reach for this book often when building your next software application."
--Michael Howard, coauthor, Writing Secure Code
"When it comes to teaching Windows security, Keith Brown is 'The Man.' In The .NET Developer's Guide to Windows Security, Keith has written a book that explains the key security concepts of Windows NT, Windows 2000, Windows XP, and Windows Server 2003, and teaches you both how to apply them and how to implement them in C# code. By organizing his material into short, clear snippets, Brown has made a complicated subject highly accessible."
--Martin Heller, senior contributing editor at Byte.com and owner of Martin Heller & Co.
"Keith Brown has a unique ability to describe complex technical topics, such as security, in a way that can be understood by mere mortals (such as myself). Keith's book is a must read for anyone attempting to keep up with Microsoft's enhancements to its security features and the next major version of .NET."
--Peter Partch, principal software engineer, PM Consulting
"Keith's book is a collection of practical, concise, and carefully thought out nuggets of security insight. Every .NET developer would be wise to keep a copy of this book close at hand and to consult it first when questions of security arise during application development."
--Fritz Onion, author of Essential ASP.NET with Examples in C#
The .NET Developer's Guide to Windows Security is required reading for .NET programmers who want to develop secure Windows applications. Readers gain a deep understanding of Windows security and the know-how to program secure systems that run on Windows Server 2003, Windows XP, and Windows 2000.
Author Keith Brown crystallizes his application security expertise into 75 short, specific guidelines. Each item is clearly explained, cross-referenced, and illustrated with detailed examples. The items build on one another until they produce a comprehensive picture of what tools are available and how developers should use them.
The book highlights new features in Windows Server 2003 and previews features of the upcoming version 2.0 of the .NET Framework. A companion Web site includes the source code and examples used throughout the book.
Topics covered include:
- Kerberos authentication
- Access control
- Network security
- Constrained delegation
- Protocol transition
- Securing enterprise services
- Securing remoting
- How to run as a normal user and live a happy life
- Programming the Security Support Provider Interface (SSPI) in Visual Studio.NET 2005
Battle-scarred and emerging developers alike will find in The .NET Developer's Guide to Windows Security bona-fide solutions to the everyday problems of securing Windows applications.
About the Author
Keith Brown focuses on application security at Pluralsight, which he cofounded with several other .NET experts to foster a community, develop content, and provide premier training. Keith regularly speaks at conferences, including TechEd and WinDev, and serves as a contributing editor and columnist to MSDN Magazine.
Browse award-winning titles. See more
If you are a seller for this product, would you like to suggest updates through seller support?
Top customer reviews
Rather, this book is more about approaches to secure development on Windows. In the book you'll find tips on how to develop software using a non-Administrator account, great fundamentals like discussion on IPSEC, Kerberos, policies, etc.
There's also great, detailed discussion of things like COM(+)/Enterprise services, authority and identity, impersonation, and a brief section on threat analysis.
You'll still need another book with details on implementation (see Howard, LeBlanc), but this book really is a great addition to a security-concious developer's bookshelf.
The book covers Windows up to Server 2003 and is written before .Net 2.0 so it most likely needs a revision.
Though this book is available in its entirety on winsecguide.net, if you are like me, you will not be disappointed if you kill a tree and buy the book.
The book deals with Windows security, something every windows developer worth his or her salt should know.
The book is organized as a collection of practical, to the point insights on windows security. 75 topics are covered as items. This is what I like the best about this book. Each topic is short, to the point and covers just the right amount of information. Curious readers are urged to do their own further investigations. Although the book does not directly talk about security as implemented in the .net frameworks, and it may appear that the title is a misnomer, the underlying concepts are beautifully described. This is a very easy to read book. You don't have to spend endless brain cycles to in reading a chapter and get something useful. In about 5 minutes you can read most "items" and digest the nugget of security insight.
The 75 items in the book are grouped into 6 parts or categories. Part 1 paints the Big Picture and lays the groundwork. You will learn about different kinds of attacks and how to mitigate them. Part 2 describes what Security context is all about. Here you can read about security tokens, daemons, impersonation and a host of other things you didn't even know about. In part 3 you will learn about Access Control and how to grant/restrict access to various resources. Part 4 talks about COM(+) and Enterprise Services. Part 5 deals with Network Security. You will learn what Kerberos, SSPI and IPSEC are. Part 6 is for items that did not fit under the other 5 parts. One of the misc items talks about how to store secrets on a machine. You can also learn to programmatically log off or reboot a machine.
To summarize, this is a very easy to read book with bite sized information on windows security. As more and more emphasis is being placed on developing secure applications in an increasingly networked world, you will find yourself reaching for this book often.
Go buy it.
Reviewed by: Greater Charleston .NET User Group
Don't let the title fool you. For its size, this book is an excellent primer on Windows OS and network security for anyone. It is well-written in an entertaining style by a well-known and authoritative author in the field. I highly recommend this as a first read for anyone interested in Windows security as a programmer or administrator.
The book does provide valuable additional information to the .NET programmer, including useful examples in C#. I was able to use it to implement secure access to a database via a web service using Windows built-in security despite the fact that I was already in the middle of learning how to implement web services in the first place.
Due to its age, the book does not cover anything new to Windows Vista or Windows Server 2008. I'd still recommend this book until something equivalent (perhaps a 2nd edition?) good comes out covering those topics at both the Vista AND 2008 level. Alernatively I could see one using this short book as a primer and existing books on Vista and/or future books on 2008 as those become available. I foresee this book being a primary reference for me for quite some time.
It provides an easy to read technical description of various security issues. The book has 75 of what it calls items. Think of these as tips or hacks. Each addresses a security concept. The items are grouped into broad areas like Access Control Lists. What they are and how to maintain them.
The discussions on Kerberos and other crypto related items are fluently explained, without recourse to maths. To actually implement, you may need texts that delve into more detail. But the overviews provided here are very understandable and hit the key concepts.
Most recent customer reviews
"I have read many Sgt. Joe Friday accounts of Windows security--"Just the facts, Ma'am"--; but, Windows...Read more
Brown's treatment of the subject is broad.Read more