Writing Secure Code, Second Edition 2nd ed. Edition

4.5 out of 5 stars, 61 ratings

Keep black-hat hackers at bay with the tips and techniques in this entertaining, eye-opening book! Developers will learn how to padlock their applications throughout the entire development process—from designing secure applications to writing robust code that can withstand repeated attacks to testing applications for security flaws. Easily digested chapters reveal proven principles, strategies, and coding techniques. The authors—two battle-scarred veterans who have solved some of the industry’s toughest security problems—provide sample code in several languages. This edition includes updated information about threat modeling, designing a security process, international issues, file-system issues, adding privacy to applications, and performing security code reviews. It also includes enhanced coverage of buffer overruns, Microsoft® .NET security, and Microsoft ActiveX® development, plus practical checklists for developers, testers, and program managers.

Editorial Reviews

About the Author

Michael Howard, CISSP, is a leading security expert. He is a senior security program manager at Microsoft® and the coauthor of The Software Security Development Lifecycle. Michael has worked on Windows security since 1992 and now focuses on secure design, programming, and testing techniques. He is the consulting editor for the Secure Software Development Series of books by Microsoft Press.

David LeBlanc, Ph.D., is a founding member of the Trustworthy Computing Initiative at Microsoft®. He has been developing solutions for computing security issues since 1992 and has created award-winning tools for assessing network security and uncovering security vulnerabilities. David is a senior developer in the Microsoft Office Trustworthy Computing group.

Product details

  • Publisher: Microsoft Press; 2nd ed. edition (January 4, 2003)
  • Language: English
  • Paperback: 798 pages
  • ISBN-10: 0735617228
  • ISBN-13: 978-0735617223
  • Item Weight: 2.92 pounds
  • Dimensions: 7.5 x 2 x 9 inches
  • Customer Reviews: 4.5 out of 5 stars, 61 ratings

Customer reviews

4.5 out of 5 stars
61 global ratings

Top reviews from the United States

Reviewed in the United States on June 21, 2006
You think your data is safe, your website secured, your code foolproof.... think again. If you haven't read this book, probably none of the above are true. This book is written with a hacker's mind. It reveals and elaborates on the most common and not so common vulnerabilities of computer and web applications. I am glad I read this book and used the information to plug the holes at a client's web application, so when one of their laptops was later compromised, no harm was done to their data or IT infrastructure.
2 people found this helpful
Reviewed in the United States on July 17, 2013
I opened the box with hesitation as I have been burned purchasing used books before, but to my surprise it was in excellent condition. The information will be of great help to me. Thank you for selling product that is true to the prescription.
Reviewed in the United States on August 15, 2003
This is an excellent book for any beginner to intermediate programmer who would like to know the hooks and corners of securing the code.
The book starts rather philosophically and for anyone who read Steve Maguire's book this might seem like a bit boring. But the real meat won't come until the part 2 where the author takes a straight dive into the coding with lots of examples. Some of the web related examples deserve double clapping just for the effort the examples are bringing out the case of bad-news. This got to open up any programmer's eye and any manager's mouth (in shock! that is).
The author takes us mostly into the world of Windows and C/C++ and somewhat into .NET and managed code behavior and security lapses one can get easily into.
While I enjoyed this book thoroughly, I just could not give it 5 stars because of its bias towards Windows and .NET framework. This can be accompanied with Steve Maguire's excellent book on Writing Solid "C" Code.
For an expert this book only offers few bits of additional information. This might be the case as the author tried to address many facets of programming and didn't concentrate on one subject alone. Ideally this book can be made into a separate series of books each concentrating on a single topic of interest.
15 people found this helpful
Reviewed in the United States on February 5, 2010
I recommend this book as must read in today's internet programming world.
I am not an internet programmer, but still this book covers lot of topics how my stand alone application can be vulnerable if the system is hooked to net.

Must read for all programmers in today's world.
Reviewed in the United States on September 13, 2017
Great book for the money.
Reviewed in the United States on September 15, 2011
Great book! I am very pleased with this purchase. A lot of valuable information. It helps me on my job.
Reviewed in the United States on September 27, 2014
very good for 2nd hand book!!!
same as I expected
Reviewed in the United States on October 19, 2013
The timeless advice in this book should be at the front of every programmer's mind every day. Things like
- There's no such thing as a small security flaw,
- If you see more than one bug of a given type, there are lots more you didn't see, or
- It can still be a security flaw even if you haven't heard of an exploit.
And, as an example in itself, this helps programmers remember that security specialists really do know more about some things than developers with strengths in other areas. (An embarrassing story from the early days of Java, not recounted here, described a blunder that any security specialist would have found in a minute - but it was shipped because the team decided they didn't need the specialist's review since they knew it all.)

Then, in a helpful turn, the authors give voluminous examples of what not to do, what to do instead, and finer points of some of the subtler Windows APIs - the APIs that were used in 2003 (when the book was published) or even earlier (when it was being written). Those details were valuable at the time, but aged incredibly rapidly. Some specifics, like resisting SQL injection attacks, remain salient. Others, like use of RC4 for encryption, have been overtaken by more recent findings. And a few statements just weren't true even when this was written. One, that compiler writers might find ways to optimize "volatile" references away (p.326), would break huge amounts of hardware-oriented code if it were to happen.

Lots of the content remains important and widely applicable - five stars for that part, even with a few glitches. But, because so much discussion depends on Windows-specific and aging APIs, I can't give it full marks for today's (or for a non-Windows) reader.

-- wiredweird
7 people found this helpful

Top reviews from other countries

Client d'Amazon
5.0 out of 5 stars Very good quality
Reviewed in France on December 4, 2015
Nothing to complain about the quality and aspect of the book. Will probably buy again from this vendor. Two thumbs up!
Jennifers Daddy
5.0 out of 5 stars Mandatory
Reviewed in the United Kingdom on February 28, 2007
If you are a developer then this book is mandatory.

You do not realise the threats (from the desktop, the web, Intranet) until you read this book. Attacks come from everywhere.

Reading this together with "Code Complete 2" (Steve McConnell) will surely make you a better developer and your software safer, faster and more secure.

Imagine the consequences of a simple SQL injection attack or a cross site script attack on your customers. Your reputation, your job and your company are at risk. It's as simple as that. Getting a few copies of this for yourself and your colleagues makes sense.
2 people found this helpful
Cryptoman
5.0 out of 5 stars Now mandatory reading for my team
Reviewed in the United Kingdom on March 23, 2012
I bought myself a copy of this some years ago. I was sufficiently impressed that I then bought additional copies and presented them to each of my team members. It is not sufficient material on its own - it is particularly light on .Net issues, but it is a very good primer on a wide range of topics.
Bandidoz
4.0 out of 5 stars Dated but still very relevant
Reviewed in the United Kingdom on September 1, 2017
This is an excellent book which gives you very specific information on common security weaknesses to be aware of, common coding failures that can be exploited by malformed data along with useful philosophies on testing at the boundaries between trusted and untrusted environments. Most of the content is as applicable today as it was in the early noughties.

The authors are very highly experienced however they are also a bit smug which does grate from time to time.
2 people found this helpful
Luke B.
4.0 out of 5 stars Must read for EVERY programmer (not just Microsoft Employees!)
Reviewed in Canada on March 16, 2016
Having a book endorsed by Microsoft's Co-Founder, Bill Gates, seems like a great idea! On the front, he is quoted as saying that it's a mandatory read for every MS employee.

This version is from when Windows Server 2003 was still nick-named Windows Server .Net, so that should tell you the age; however, the information is very accurate, and insightful in how to write secure programs even in this day and age. I don't write in C or C++ as much as I'd like to learn it, so some examples went over my head when they got to the code. The information they provide helps a lot to understand *why* the programmers are choosing their insecure or secure methods, and helps to convey the message that security starts as you start planning the project, **before you write any actual code**. I recommend every programmer who wants to write for other people read this book!