Writing Secure Code

Front Cover
Microsoft Press, 2003 - Computers - 768 pages

Keep black-hat hackers at bay with the tips and techniques in this entertaining, eye-opening book! Developers will learn how to padlock their applications throughout the entire development process--from designing secure applications to writing robust code that can withstand repeated attacks to testing applications for security flaws. Easily digested chapters reveal proven principles, strategies, and coding techniques. The authors--two battle-scarred veterans who have solved some of the industry's toughest security problems--provide sample code in several languages. This edition includes updated information about threat modeling, designing a security process, international issues, file-system issues, adding privacy to applications, and performing security code reviews. It also includes enhanced coverage of buffer overruns, Microsoft .NET security, and Microsoft ActiveX development, plus practical checklists for developers, testers, and program managers.

From inside the book

 

Contents

I
3
II
5
III
7
Copyright

336 other sections not shown

Other editions - View all

Writing Secure Code
Michael Howard,David LeBlanc
Limited preview - 2003
Writing Secure Code
David LeBlanc,Michael Howard
Limited preview - 2002
Writing Secure Code
Michael Howard,David LeBlanc
Snippet view - 2003
View all »

Common terms and phrases

2000 and later access control ActiveX administrator allow application attacker authentication buffer overrun bytes chapter char characters client configuration cookie create cross-site scripting DACL database DCOM default determine developers DPAPI DWORD encryption error example exploit feature filename firewall function GetLastError handle hash input install interface IP address IPSec issues look managed code memory Microsoft Windows mitigate MSRPC named pipes NET Framework NULL object operating system option packet password perform Perl permissions plaintext privilege problem protect protocol random regular expression request require sample script secret data security bugs socket specific SSL/TLS strcpy string template threat model tion token tool trust Unicode user's valid vulnerability Windows NET Server Windows NT Windows XP write

References to this book

About the author (2003)

Michael Howard, CISSP, is a leading security expert. He is a senior security program manager at Microsoft® and the coauthor of The Software Security Development Lifecycle. Michael has worked on Windows security since 1992 and now focuses on secure design, programming, and testing techniques. He is the consulting editor for the Secure Software Development Series of books by Microsoft Press. David LeBlanc, Ph.D., is a founding member of the Trustworthy Computing Initiative at Microsoft®. He has been developing solutions for computing security issues since 1992 and has created award-winning tools for assessing network security and uncovering security vulnerabilities. David is a senior developer in the Microsoft Office Trustworthy Computing group.

Bibliographic information

TitleWriting Secure Code
Best Practices Series
Developer Best Practices Series
Microsoft secure software development series
Safari Books Online
AuthorsMichael Howard, David LeBlanc
Edition2, illustrated
PublisherMicrosoft Press, 2003
ISBN0735617228, 9780735617223
Length768 pages
Subjects ›  › 

Computers / Programming / General
Computers / Security / Cryptography & Encryption
Computers / Security / General
Computers / Software Development & Engineering / General
  
Export CitationBiBTeX EndNote RefMan