Home »  Boeken »  Windows programmatie »  Writing Secure Code, Second Edition (Michael Howard, David LeBlanc)
» Snelle links

»Verwante producten

»Hou me op de hoogte

»Opties

Writing Secure Code, Second Edition (Michael Howard, David LeBlanc)
stock:
  • Brugge: niet op voorraad
  • Gent: niet op voorraad
  • Mechelen: niet op voorraad
  
  • Leuven: niet op voorraad
Prijs: € 42.90
Prijs excl. BTW: € 40.47 / BTW 6%
hcw bestelwagen
Leveringstermijn: ±10 werkdagen
ISBN: 0.7356-1722.8
artikelcode: B2735

  
Status: Courant artikel
uitgever: Microsoft Press
Beoordeling:
 
 
evalueer dit product


Keep black-hat hackers at bay with the tips and techniques in this entertaining, eye-opening book! Developers will learn how to padlock their applications throughout the entire development process-from designing secure applications to writing robust code that can withstand repeated attacks to testing applications for security flaws. Short, easily digested chapters reveal proven principles, strategies, and coding techniques. The authors-two battle-scarred veterans who have solved some of the industry's toughest security problems-provide sample code in several languages. This edition includes updated information about threat modeling, designing a security process, international issues, file-system issues, adding privacy to applications, and performing security code reviews. It also includes enhanced coverage of buffer overruns, Microsoft® .NET security, and Microsoft ActiveX® development, plus practical checklists for developers, testers, and program managers.

About the Authors

  • Michael Howard is a security program manager on the Microsoft Windows XP team, focusing on secure design, programming, and testing techniques. He works with hundreds of people both inside and outside the company each year to help them secure their applications. He is the author of Designing Secure Web-Based Applications for Microsoft Windows 2000 from Microsoft Press. Prior to working on Windows XP, Michael worked on next-generation Web server technologies and IIS. He has worked on Microsoft Windows NT® security since 1992.
  • David LeBlanc is a senior security technologist in Microsoft’s Information Technology Group. His primary role is defending the Microsoft network from attack. He has worked in the security field throughout his professional life, including working at Internet Security Systems where he was the primary engineer on ISS’s award-winning security products. David serves on a number of external security-related advisory boards.

Table of Contents

Introduction
Part I. Contemporary Security
1. The Need for Secure Systems
2. The Proactive Security Development Process
3. Security Principles to Live By
4. Threat Modeling

Part II. Secure Coding Techniques
5. Public Enemy #1: The Buffer Overrun
6. Determining Appropriate Access Control
7. Running with Least Privilege
8. Cryptographic Foibles
9. Protecting Secret Data
10. All Input Is Evil!
11. Canonical Representation Issues
12. Database Input Issues
13. Web-Specific Input Issues
14. Internationalization Issues

Part III. Even More Secure Coding Techniques
15. Socket Security
16. Securing RPC, ActiveX Controls, and DCOM
17. Protecting Against Denial of Service Attacks
18. Writing Secure .NET Code

Part IV. Special Topics
19. Security Testing
20. Performing a Security Code Review
21. Secure Software Installation
22. Building Privacy into Your Application
23. General Good Practices
24. Writing Security Documentation and Error Messages

Part V. Appendixes
A: Dangerous APIs
B: Ridiculous Excuses We’ve Heard
C: A Designer’s Security Checklist
D: A Developer’s Security Checklist
E: A Tester’s Security Checklist
A Final Thought
Annotated Bibliography
Index