Join Books.org — it's free
Home > Books > Writing Secure Code

Writing Secure Code by Michael Howard — book cover
Mathematics, Mathematics, Software Engineering, Computers - General & Miscellaneous

Writing Secure Code

by Michael Howard, David E. LeBlanc
Write a review
Log in to track your reading progress.

Overview

Keep black-hat hackers at bay with the tips and techniques in this entertaining, eye-opening book! Developers will learn how to padlock their applications throughout the entire development process—from designing secure applications to writing robust code that can withstand repeated attacks to testing applications for security flaws. Easily digested chapters reveal proven principles, strategies, and coding techniques. The authors—two battle-scarred veterans who have solved some of the industry’s toughest security problems—provide sample code in several languages. This edition includes updated information about threat modeling, designing a security process, international issues, file-system issues, adding privacy to applications, and performing security code reviews. It also includes enhanced coverage of buffer overruns, Microsoft® .NET security, and Microsoft ActiveX® development, plus practical checklists for developers, testers, and program managers.

No more malicious attacks! Learn the best practices for writing secure code, with samples in Microsoft Visual Basic®.NET, Visual C++®, Perl, and Visual C#®.

Synopsis

Writing Secure Code" covers the major aspects of creating secure applications through the entire development process. Its short, easily-digested chapters can provide software designers, architects, developers, and testers with the training, theory, and techniques they need to take the right actions to ensure security.

About the Author, Michael Howard

Michael Howard is a security program manager on the Microsoft WindowsXP team, focusing on secure design, programming and testing techniques. He works with hundreds of people both inside and outside the company to help them secure their applications each year. He is the primary author of Desiging Secure Web-Based Applications for Microsoft Windows 2000 from Microsoft Press. Prior to working in WindowsXP, Michael worked on next-generation Web server technologies and IIS. He has worked on Windows NT® security since 1992

David LeBlanc is a senior security technologist in ITG at Microsoft. His primary role is defending the Microsoft network from attack. He has worked in the security field throughout his professional life, including working at Internet Security Systems where he was the primary engineer on ISS' award-winning security products. David serves on a number of external security-related advisory boards.

Reviews

There are no reviews yet. Log in to write one.

Editorials

From Barnes & Noble

The Barnes & Noble Review
Your code will be attacked. You need to assume it will run in the most hostile environments imaginable -- and design, code, and test accordingly. Writing Secure Code, Second Edition shows you how.

This edition draws on the lessons learned and taught throughout Microsoft during the firm’s massive 2002 “Windows Security Push.” It’s a huge upgrade to the respected First Edition, with new coverage across the board.

Michael Howard and David LeBlanc first help you define what security means to your customers -- and implement a three-pronged strategy for securing design, defaults, and deployment. There’s especially useful coverage of threat modeling -- decomposing your application, identifying threats, ranking them, and mitigating them.

Then, it’s on to in-depth coverage of today’s key security issues from the developer’s standpoint. Everyone knows buffer overruns are bad: Here’s a full chapter on avoiding them. You’ll learn how to establish appropriate access controls and default to running with least privilege. There’s detailed coverage of overcoming attacks on cryptography (for example, avoiding poor random numbers and bit-flipping attacks). You’ll learn countermeasures for virtually every form of user input attack, from malicious database updates to cross-site scripting.

We’ve just scratched the surface: There are authoritative techniques for securing sockets and RPC, protecting against DOS attacks, building safer .NET applications, reviewing and testing code, adding privacy features, and even writing high-quality security documentation. Following these techniques won’t just improve security -- it’ll dramatically improve robustness and reliability, too. Bill Camarda

Bill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks For Dummies®, Second Edition.

Book Details

Published
December 1, 2002
Publisher
Microsoft Press
Pages
800
Format
Paperback
ISBN
9780735617223

More by Michael Howard

Occult Conspiracy: Secret Societies, Their Influence & Power in World History
Occult Conspiracy: Secret Societies, Their Influence & Power in World History
Benjamin Franklin Bridge, Pennsylvania (Images of America Series)
Benjamin Franklin Bridge, Pennsylvania (Images of America Series)
Benjamin Franklin Bridge, Pennsylvania (Postcards of America Series)
Benjamin Franklin Bridge, Pennsylvania (Postcards of America Series)
24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them
24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them
The Security Development Lifecycle: SDL: A Process for Developing Demonstrably More Secure Software
The Security Development Lifecycle: SDL: A Process for Developing Demonstrably More Secure Software
The 19 Deadly Sins of Software Security
The 19 Deadly Sins of Software Security
The Palaung in Northern Thailand
The Palaung in Northern Thailand
Part of History: Aspects of the British Experience of the First World War
Part of History: Aspects of the British Experience of the First World War
A Part of History: Aspects of the British Experience of the First World War
A Part of History: Aspects of the British Experience of the First World War
Franco-Prussian War: The German Invasion of France 1870-1871, Revised Edition
Franco-Prussian War: The German Invasion of France 1870-1871, Revised Edition

Similar books

Advances in the Design of Symbolic Computation Systems
Advances in the Design of Symbolic Computation Systems
Systems Analysis and Design: An Object-Oriented Approach with UML
Systems Analysis and Design: An Object-Oriented Approach with UML
Functional Programming, Concurrency, Simulation and Automated Reasoning
Functional Programming, Concurrency, Simulation and Automated Reasoning
Modeling in the Neurosciences
Modeling in the Neurosciences
Multiscale Modeling and Simulation in Science
Multiscale Modeling and Simulation in Science
Rapid Contextual Design
Rapid Contextual Design
Geometric Algebra for Computer Science
Geometric Algebra for Computer Science
Simulation and Model-Based Methodologies: An Integrative View
Simulation and Model-Based Methodologies: An Integrative View
Applying RCS and SCCS: From Source Control to Project Control
Applying RCS and SCCS: From Source Control to Project Control
Creating Adobe Acrobat Forms
Creating Adobe Acrobat Forms