Who Should Read This Book
If you design applications, or if you build, test, or document solutions, you need this book. If your applications are Web-based or Win32-based, you need this book. Finally, if you are currently learning or building Microsoft .NET Framework-based applications, you need this book. In short, if you are involved in building applications, you will find much to learn in this book.
Even if you're writing code that doesn't run on a Microsoft platform, much of the material in this book is still useful. Except for a few chapters that are entirely Microsoft-specific, the same types of problems tend to occur regardless of platform. Even when something might seem to be
Organization of This Book
The book is divided into five
The meat of the book is in Parts II and III. Part II, Secure Coding Techniques, encompassing Chapters 5 through 14, outlines critical coding techniques that apply to almost any application. Part III, Even More Secure Coding Techniques, includes four chapters (Chapters 15 through 18) that focus on networked applications and .NET code.
Part IV, Special Topics, includes six chapters (Chapters 19 through 24) that cover less-often-discussed subjects, such as testing, performing security code reviews, privacy, and secure software installation. Chapter 23 includes general guidelines that don't fit in any single chapter.
Part V, Appendixes, includes five appendixes covering dangerous APIs, ridiculous excuses we've
Unlike the authors of a good many other security books, we won't just tell you how
Installing and Using the Sample Files
You can download the sample files from the book's Companion Content page on the Web by connecting to http://www.microsoft.com/mspress/books/5957.asp. To access the sample files, click Companion Content in the More Information menu box on the right side of the page. This will load the Companion Content Web page, which includes a link for downloading the sample files and connecting to Microsoft Press Support. The download link opens an executable file containing a license agreement. To copy the sample files onto your hard disk, click the link to run the executable and then accept the license agreement that is presented. By default, the sample files will be
Most samples in this book are written in C or C++ and require Microsoft Visual Studio .NET, although most of the samples written in C/C++ work fine with most compilers, including Microsoft Visual C++ 6.0. The Perl examples have been
All the applications but two in this book will run on computers running Windows 2000 that meet recommended operating system requirements. The Safer sample in Chapter 7 and the UTF8 MultiByteToWideChar sample in Chapter 11 require Windows XP or Windows .NET Server to run correctly. Compiling the code requires somewhat beefier machines that