
Writing Secure Code (Howard & LeBlanc) 2nd edit

Material type: Text
Publication details: Microsoft
ISBN: 9780735617223
Holdings

  • Item type: Standard Loan
  • Current library: Thurles Library Main Collection
  • Call number: 005.82 HOW
  • Copy number: 1
  • Status: Available
  • Barcode: R16875KRCT

Enhanced descriptions from Syndetics:

Keep black-hat hackers at bay with the tips and techniques in this entertaining, eye-opening book! Developers will learn how to padlock their applications throughout the entire development process--from designing secure applications to writing robust code that can withstand repeated attacks to testing applications for security flaws. Easily digested chapters reveal proven principles, strategies, and coding techniques. The authors--two battle-scarred veterans who have solved some of the industry's toughest security problems--provide sample code in several languages. This edition includes updated information about threat modeling, designing a security process, international issues, file-system issues, adding privacy to applications, and performing security code reviews. It also includes enhanced coverage of buffer overruns, Microsoft .NET security, and Microsoft ActiveX development, plus practical checklists for developers, testers, and program managers.

Security and IT Forensics Course Development

Table of contents provided by Syndetics

  • Part I Contemporary Security
  • 1 The Need for Secure Systems (p. 3)
  • 2 The Proactive Security Development Process (p. 23)
  • 3 Security Principles to Live By (p. 51)
  • 4 Threat Modeling (p. 69)
  • Part II Secure Coding Techniques
  • 5 Public Enemy #1: The Buffer Overrun (p. 127)
  • 6 Determining Appropriate Access Control (p. 171)
  • 7 Running with Least Privilege (p. 207)
  • 8 Cryptographic Foibles (p. 259)
  • 9 Protecting Secret Data (p. 299)
  • 10 All Input Is Evil! (p. 341)
  • 11 Canonical Representation Issues (p. 363)
  • 12 Database Input Issues (p. 397)
  • 13 Web-Specific Input Issues (p. 413)
  • 14 Internationalization Issues (p. 439)
  • Part III Even More Secure Coding Techniques
  • 15 Socket Security (p. 455)
  • 16 Securing RPC, ActiveX Controls, and DCOM (p. 477)
  • 17 Protecting Against Denial of Service Attacks (p. 517)
  • 18 Writing Secure .NET Code (p. 535)
  • Part IV Special Topics
  • 19 Security Testing (p. 567)
  • 20 Performing a Security Code Review (p. 615)
  • 21 Secure Software Installation (p. 627)
  • 22 Building Privacy into Your Application (p. 641)
  • 23 General Good Practices (p. 663)
  • 24 Writing Security Documentation and Error Messages (p. 695)
  • Part V Appendixes
  • A Dangerous APIs (p. 713)
  • B Ridiculous Excuses We've Heard (p. 723)
  • C A Designer's Security Checklist (p. 729)
  • D A Developer's Security Checklist (p. 731)
  • E A Tester's Security Checklist (p. 737)

Author notes provided by Syndetics

David LeBlanc, Ph.D., is a founding member of the Trustworthy Computing Initiative at Microsoft. He has been developing solutions for computing security issues since 1992 and has created award-winning tools for assessing network security and uncovering security vulnerabilities. David is a senior developer in the Microsoft Office Trustworthy Computing group.
