Writing Secure Code covers the major aspects of creating secure applications through the entire development process. Its short, easily-digested chapters can provide software designers, architects, developers, and testers with the training, theory, and techniques they need to take the right actions to ensure security.
This is a must read for today's savvy developer. Michael is obviously a talented individual who shares his insight in a simple, no-nonsense fashion. You can spend 10 yrs making all these mistakes and learning from them, or just read this book! I have bought several for our department that have become well thumbed in only a few weeks.
...so I picked it up and flipped through it. It is packed with valuable (and usable!) information. This book seems so useful, I ordered myself a copy. Nothing else out there talks about how to write (and test) the security aspects of an application.
Reviewed in the United States on September 21, 2007
Okay overview. Not many details; good for beginning programmers who are learning how to code right. Not really for understanding Windows security or architecture, but then that is not the intention of the book.
I know it's really weird buying a book from Microsoft, written by people from Microsoft, on secure code. Why should you trust them? They know more about Windows than most people! I read the Linux Secure Programming book online, and the other book, Building Secure Software. Those other two books are better organized. This one felt more like a collection of loose tips than the other two. It's also missing a lot. Even though I'd learned a lot of stuff from the other books, I bought this one because I needed to learn how to use the Microsoft APIs to do SSL programming, and I wasn't happy with the documentation I've got access to. I figured this book would have it, but it doesn't, which was a deep disappointment. Now, this book has taught me some new tricks. It has lots of good Windows-specific hints that other books don't have. But if you're not a Windows programmer, don't bother. They don't cover other operating systems as well as the other books do. The book also didn't really teach the basic principles as well as the others. Every Windows programmer should have this book on his desk, but only for the Windows-specific stuff. Buy a better book first.
Reviewed in the United States on December 16, 2007
This is a good book, as it does a good job covering the different sources of software insecurities:
- The classical buffer overflows on the stack and on the heap
- Canonical issues on input
- The least privilege principle
- A brief overview on how to store a secret
On the last point, the authors know the topic well. If you are using cryptography to protect something in your software but just store the private key in a global variable, then you are tremendously helping the job of hackers, as all they will have to do is look into your executable binary to search for something that looks like a key. A security measure is as strong as its weakest element, and no hacker is foolish enough to attack a cryptographic algorithm that is proven strong. Even if you store the key in a secure place, all that is needed to retrieve the key is to perform a memory dump at the right time, just before the software uses the key. At least you can make the hackers' job harder, as there is nothing you can do to make your software 100% safe against hackers if the software is valuable enough to motivate them to hack your software. All you can do by improving your software security is to buy yourself some time before your software is hacked. All that to say that there is no bulletproof solution against hackers, but the book gives solid leads to improve software security in that aspect.
In this book, there is a strong emphasis on Microsoft security technologies. The Windows Crypto API and the Microsoft OSes' privileges API are described at length. If you develop on Windows and want to make your software more secure, then this is an excellent book for you. If you develop on another platform, there is still something for you in this book, as there are a lot of platform-independent code snippets to improve software security, such as input validation for file names to protect yourself against canonicalization bugs.
This is a very good book about software security, but I do not recommend it simply because there is a new edition of it: Writing Secure Code, Second Edition.
I bought this book after the *Bill Gates* email came out about Microsoft being serious about security. I figured that when he sends email like this to the company, it's important. And when **he recommends this book** in the email, it's something worth looking at. It is - Writing Secure Code is great. It's an easy read, full of great design, development and testing principles and ideas. The first couple of chapters revolve around design; in fact ch2 is over 70pp long, and it's all about how to design secure systems. The bulk of the book focuses on secure coding, including buffer overruns, sockets, RPC, COM, Crypto, canonicalization issues, least privilege, storing secret data, Web apps - and more! The last part of the book discusses common .NET coding errors, and how to build security test plans. What makes this book utterly unique is it really teaches you how to design and test secure applications, as well as how to write them. The design and test stuff I have seen nowhere else. The book is worth every penny, and I now know why Bill Gates recommends the book to all Microsoft developers.
Reviewed in the United States on December 25, 2001
This book was pretty good. I liked it less after thinking about some of the reviews here. One reviewer has a good point that this is not a book for the hardcore coder. It is more about high-level how-to-secure-it stuff. Still, I thought the other reviewer had a good point too about SSL. I didn't think about it until after I finished the book, but the topic wasn't covered at all. Is it really something where there are no pitfalls to using it? It's okay not to tell me about the API, but even if SSL doesn't have any problems, I would have at least liked to hear "use this, it will secure all your network connections, then you won't have to worry about any network attacks" or something like that.