Book Review: Writing Secure Code
The cover page of this book says, "Practical strategies and proven techniques for building secure applications in a networked world", and that is exactly what you will find inside. The authors are top security experts from the Windows XP team and Microsoft's new Trustworthy Computing initiative. The book covers design pointers for developing secure applications and security testing methodologies across technologies such as Win32 applications, COM, DCOM, .NET and web applications. The excellent text is supported by great code snippets throughout the book.

In today's world of software vulnerabilities, buffer overruns and other code exploits, when every major software vendor is releasing security hotfixes almost every week, I believe this book is a life saver. Most of these vulnerabilities are a result of careless programming, no attention to security and improper testing. This book addresses all these issues and shows you how to design and create secure applications, how to write robust code, and how to test software for security vulnerabilities.

Who should read this book? I would say, "Every developer". Building secure and robust applications is paramount if you are a software vendor, a services company, or anyone who develops and sells software. You would rather drop a feature than compromise security. This book provides an in-depth understanding of security concepts for developers, software architects, application designers, project managers and testing professionals.

Finally, why is this book being featured on an SQL Server website? Because this book also discusses database-related security issues such as SQL injection. Further, databases are an integral part of today's enterprise-level applications, and it is important to make your application's data access modules as secure as possible. Also, I'm sure many of you SQL Server developers also develop Windows and web applications.
The accompanying CD contains all the code snippets from the book, a completely searchable electronic version (eBook) of the book and some helpful security tools. Overall, it is a great book and should be on every developer's bookshelf.

Let me quickly walk you through the chapters:

Chapter 1: The Need for Secure Systems
Chapter 2: Designing Secure Systems
Chapter 3: Public Enemy #1: the Buffer Overrun
Chapter 4: Determining Good Access Control
Chapter 5: Running with Least Privilege
Chapter 6: Cryptographic Foibles
Chapter 7: Storing Secrets
Chapter 8: Canonical Representation Issues
Chapter 9: Socket Security
Chapter 10: Securing RPC, ActiveX Controls, and DCOM
Chapter 11: Protecting Against Denial of Service Attacks
Chapter 12: Securing Web-Based Services
Chapter 13: Writing Secure .NET Code
Chapter 14: Testing Secure Applications
Chapter 15: Secure Software Installation
Chapter 16: General Good Practices

The following chapters are included in the appendix:

A: Dangerous APIs
B: The Ten Immutable Laws of Security
C: The Ten Immutable Laws of Security Administration
D: Lame Excuses We've Heard

The book is available from Amazon.com, Amazon.co.uk and Amazon.ca.