Book Review: Writing Secure Code
Last updated: November 9th '02



Writing Secure Code
Title: Writing Secure Code
Authors: Michael Howard, David Leblanc
Publisher: Microsoft Press
ISBN: 0735615888
Pages: 480
Click here for more information or to buy this book from: Amazon.com or Amazon.co.uk or Amazon.ca


The cover of this book says, "Practical strategies and proven techniques for building secure applications in a networked world", and that's exactly what you'll find inside. The authors are top security experts from the Windows XP team and Microsoft's new Trustworthy Computing initiative. The book covers design guidance for developing secure applications and security testing methodologies across technologies such as Win32 applications, COM, DCOM, .NET and web applications. The excellent text is supported by great code snippets throughout the book.

In today's world of software vulnerabilities, buffer overruns and other code exploits, when every major software vendor is releasing security hotfixes almost every week, I believe this book is a life saver. Most of these vulnerabilities are the result of careless programming, inattention to security and improper testing. This book addresses all of these issues and shows you how to design and create secure applications, how to write robust code, and how to test software for security vulnerabilities.

Who should read this book? I would say, "Every developer". Building secure and robust applications is paramount if you are a software vendor, a services company, or anyone who develops and sells software. You'd rather drop a feature than compromise security. This book provides an in-depth understanding of security concepts for developers, software architects, application designers, project managers and testing professionals.

Finally, why is this book being featured on a SQL Server website? Because this book also discusses database-related security issues like SQL injection. Further, databases are an integral part of today's enterprise-level applications, and it is important to make your application's data access modules as secure as possible. Also, I'm sure many of you SQL Server developers also develop Windows and web applications.
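As an added illustration of the SQL injection issue mentioned above (example code written for this review page, not taken from the book or its CD): a lookup that builds its WHERE clause by string concatenation lets a crafted username rewrite the statement and return every row, while the parameterized version treats the same text as a plain value and returns nothing. It uses Python's built-in sqlite3 module with a constructed in-memory users table as a stand-in for SQL Server; the same distinction applies to parameterized commands in ADO or ADO.NET.

```python
import sqlite3

# Constructed sample data standing in for an application's user table.
SAMPLE_USERS = [
    ("alice", "Alice Anderson"),
    ("bob", "Bob Brown"),
    ("carol", "Carol Clark"),
]


def make_db():
    """Create an in-memory database (sqlite3 used here as a stand-in for SQL Server)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, full_name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_unsafe(conn, username):
    """Vulnerable pattern: the caller's text is pasted into the SQL statement,
    so quote characters in it become SQL syntax rather than data."""
    sql = "SELECT username, full_name FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username):
    """Hardened pattern: the value travels as a bound parameter; the driver never
    lets it alter the shape of the statement, whatever characters it contains."""
    sql = "SELECT username, full_name FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo():
    """Run both lookups on a benign name and on a classic tautology input and
    return the four result sets so the difference can be checked."""
    conn = make_db()
    benign = "alice"
    hostile = "' OR '1'='1"   # closes the literal and appends an always-true clause
    return {
        "unsafe_benign": lookup_unsafe(conn, benign),
        "unsafe_hostile": lookup_unsafe(conn, hostile),   # leaks every row
        "safe_benign": lookup_safe(conn, benign),
        "safe_hostile": lookup_safe(conn, hostile),       # no user has that name: empty
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label:15s} -> {len(rows)} row(s): {rows}")
```

Note that escaping quotes by hand is not the fix: the robust approach is to never let untrusted text become part of the statement, which is exactly what the parameter binding in `lookup_safe` enforces.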

The accompanying CD contains all the code snippets from the book, a completely searchable electronic version (eBook) of this book and some helpful security tools.

Overall, it is a great book and should be on every developer's bookshelf. Let me quickly walk you through the chapters:

Chapter 1: The Need for Secure Systems

Chapter 2: Designing Secure Systems

Chapter 3: Public Enemy #1: the Buffer Overrun

Chapter 4: Determining Good Access Control

Chapter 5: Running with Least Privilege

Chapter 6: Cryptographic Foibles

Chapter 7: Storing Secrets

Chapter 8: Canonical Representation Issues

Chapter 9: Socket Security

Chapter 10: Securing RPC, ActiveX Controls, and DCOM

Chapter 11: Protecting Against Denial of Service Attacks

Chapter 12: Securing Web-Based Services

Chapter 13: Writing Secure .NET Code

Chapter 14: Testing Secure Applications

Chapter 15: Secure Software Installation

Chapter 16: General Good Practices

The appendices are:

A: Dangerous APIs

B: The Ten Immutable Laws of Security

C: The Ten Immutable Laws of Security Administration

D: Lame Excuses We've Heard
