Who Should Read This Book

If you design applications, or if you build, test, or document solutions, you need this book. If your applications are Web-based or Win32-based, you need this book. Finally, if you are currently learning or building Microsoft .NET Framework-based applications, you need this book. In short, if you are involved in building applications, you will find much to learn in this book.

Even if you're writing code that doesn't run on a Microsoft platform, much of the material in this book is still useful. Except for a few chapters that are entirely Microsoft-specific, the same types of problems tend to occur regardless of platform. Even when something might seem to be applicable only to Windows, it often has broader application. For example, an Everyone Full Control access control list and a file set to World Writable on a UNIX system are really the same problem, and cross-site scripting issues are universal.

Organization of This Book

The book is divided into five parts. Chapters 1 through 4 make up Part I, Contemporary Security, and outline the reasons why systems should be secured from attack and guidelines and analysis techniques for designing such systems.

The meat of the book is in Parts II and III. Part II, Secure Coding Techniques, encompassing Chapters 5 through 14, outlines critical coding techniques that apply to almost any application. Part III, Even More Secure Coding Techniques, includes four chapters (Chapters 15 through 18) that focus on networked applications and .NET code.

Part IV, Special Topics, includes six chapters (Chapters 19 through 24) that cover less-often-discussed subjects, such as testing, performing security code reviews, privacy, and secure software installation. Chapter 23 includes general guidelines that don't fit in any single chapter.

Part V, Appendixes, includes five appendixes covering dangerous APIs, ridiculous excuses we've heard for not considering security, and security checklists for designers, developers, and testers.

Unlike the authors of a good many other security books, we won't just tell you how insecure applications are and moan about people not wanting to build secure systems. This book is utterly pragmatic and, again, relentlessly practical. It explains how systems can be attacked, mistakes that are often made, and, most important, how to build secure systems. (By the way, look for margin icons, which indicate security-related anecdotes.)

Installing and Using the Sample Files

You can download the sample files from the book's Companion Content page on the Web by connecting to http://www.microsoft.com/mspress/books/5957.asp. To access the sample files, click Companion Content in the More Information menu box on the right side of the page. This will load the Companion Content Web page, which includes a link for downloading the sample files and connecting to Microsoft Press Support. The download link opens an executable file containing a license agreement. To copy the sample files onto your hard disk, click the link to run the executable and then accept the license agreement that is presented. By default, the sample files will be copied to the My Documents\Microsoft Press\Secureco2 folder. During the installation process, you'll be given the option of changing that destination folder.

System Requirements

Most samples in this book are written in C or C++ and require Microsoft Visual Studio .NET, although most of the samples written in C/C++ work fine with most compilers, including Microsoft Visual C++ 6.0. The Perl examples have been tested using ActiveState Perl 5.6 or ActiveState Visual Perl 1.0 from http://www.activestate.com. Microsoft Visual Basic Scripting Edition and JScript code was tested with Windows Scripting Host included with Windows 2000 and later. All SQL examples were tested using Microsoft SQL Server 2000. Finally, Visual Basic .NET and Visual C# applications were written and tested using Visual Studio .NET.

All the applications but two in this book will run on computers running Windows 2000 that meet recommended operating system requirements. The Safer sample in Chapter 7 and the UTF8 MultiByteToWideChar sample in Chapter 11 require Windows XP or Windows .NET Server to run correctly. Compiling the code requires somewhat beefier machines that comply with the requirements of the compiler being used.