- Series: Developer Best Practices
- Paperback: 800 pages
- Publisher: Microsoft Press; 2nd ed. edition (December 22, 2004)
- Language: English
- ISBN-10: 0735617228
- ISBN-13: 978-0735617223
- Product Dimensions: 7.6 x 1.7 x 9.2 inches
- Shipping Weight: 3.4 pounds
- Average Customer Review: 23 customer reviews
- Amazon Best Sellers Rank: #130,476 in Books
Writing Secure Code: Practical Strategies and Proven Techniques for Building Secure Applications in a Networked World (Developer Best Practices) 2nd ed. Edition
About the Author
Michael Howard, CISSP, is a leading security expert. He is a senior security program manager at Microsoft® and the coauthor of The Software Security Development Lifecycle. Michael has worked on Windows security since 1992 and now focuses on secure design, programming, and testing techniques. He is the consulting editor for the Secure Software Development Series of books by Microsoft Press.
David LeBlanc, Ph.D., is a founding member of the Trustworthy Computing Initiative at Microsoft®. He has been developing solutions for computing security issues since 1992 and has created award-winning tools for assessing network security and uncovering security vulnerabilities. David is a senior developer in the Microsoft Office Trustworthy Computing group.
Top customer reviews
- There's no such thing as a small security flaw,
- If you see more than one bug of a given type, there are lots more you didn't see, or
- It can still be a security flaw even if you haven't heard of an exploit.
And, as an example in itself, this helps programmers remember that security specialists really do know more about some things than developers with strengths in other areas. (An embarrassing story from the early days of Java, not recounted here, described a blunder that any security specialist would have found in a minute - but it was shipped because the team decided they didn't need the specialist's review since they knew it all.)
Then, in a helpful turn, the authors give voluminous examples of what not to do, what to do instead, and finer points of some of the subtler Windows APIs - the APIs that were used in 2003 (when the book was published) or even earlier (when it was being written). Those details were valuable at the time, but aged incredibly rapidly. Some specifics, like resisting SQL injection attacks, remain salient. Others, like use of RC4 for encryption, have been overtaken by more recent findings. And a few statements just weren't true even when this was written. One, that compiler writers might find ways to optimize "volatile" references away (p.326), would break huge amounts of hardware-oriented code if it were to happen.
Lots of the content remains important and widely applicable - five stars for that part, even with a few glitches. But, because so much discussion depends on Windows-specific and aging APIs, I can't give it full marks for today's (or for a non-Windows) reader.
Most recent customer reviews
I am not an internet programmer, but still this book covers a lot of topics how my stand alone...