Michael Howard - Writing Secure Code: Practical Strategies and Proven Techniques for Building Secure Applications in a Networked World
Here you can read online Michael Howard - Writing Secure Code: Practical Strategies and Proven Techniques for Building Secure Applications in a Networked World full text of the book (entire story) in english for free. Download pdf and epub, get meaning, cover and reviews about this ebook. year: 2004, publisher: Microsoft Press, genre: Politics. Description of the work, (preface) as well as reviews are available. Best literature library LitArk.com created for fans of good reading and offers a wide selection of genres:
Romance novel
Science fiction
Adventure
Detective
Science
History
Home and family
Prose
Art
Politics
Computer
Non-fiction
Religion
Business
Children
Humor
Choose a favorite category and find really read worthwhile books. Enjoy immersion in the world of imagination, feel the emotions of the characters or learn something new for yourself, make an fascinating discovery.
- Book:Writing Secure Code: Practical Strategies and Proven Techniques for Building Secure Applications in a Networked World
- Author:
- Publisher:Microsoft Press
- Genre:
- Year:2004
- Rating:3 / 5
- Favourites:Add to favourites
- Your mark:
Writing Secure Code: Practical Strategies and Proven Techniques for Building Secure Applications in a Networked World: summary, description and annotation
We offer to read an annotation, description, summary or preface (depends on what the author of the book "Writing Secure Code: Practical Strategies and Proven Techniques for Building Secure Applications in a Networked World" wrote himself). If you haven't found the necessary information about the book — write in the comments, we will try to find it.
Keep black-hat hackers at bay with the tips and techniques in this entertaining, eye-opening book! Developers will learn how to padlock their applications throughout the entire development processfrom designing secure applications to writing robust code that can withstand repeated attacks to testing applications for security flaws. Easily digested chapters reveal proven principles, strategies, and coding techniques. The authorstwo battle-scarred veterans who have solved some of the industrys toughest security problemsprovide sample code in several languages. This edition includes updated information about threat modeling, designing a security process, international issues, file-system issues, adding privacy to applications, and performing security code reviews. It also includes enhanced coverage of buffer overruns, Microsoft .NET security, and Microsoft ActiveX development, plus practical checklists for developers, testers, and program managers.
Michael Howard: author's other books
Who wrote Writing Secure Code: Practical Strategies and Proven Techniques for Building Secure Applications in a Networked World? Find out the surname, the name of the author of the book and a list of all author's works by series.
Writing Secure Code: Practical Strategies and Proven Techniques for Building Secure Applications in a Networked World — read online for free the complete book (whole text) full work
Below is the text of the book, divided by pages. System saving the place of the last page read, allows you to conveniently read the book "Writing Secure Code: Practical Strategies and Proven Techniques for Building Secure Applications in a Networked World" online for free, without having to search again every time where you left off. Put a bookmark, and you can go to the page where you finished reading at any time.
Font size:
Interval:
Bookmark:
Copyright 2003 by Microsoft Corporation
For Cheryl and Blake, the two most beautiful people I know.
Michael
To Jennifer, for putting up with still more lost weekends when we should havebeen out riding together.
David
During February and March of 2002, all normal feature work on Microsoft Windows stopped. Throughout this period, the entire development team turned its attention to improving the security of the next version of the product, Windows .NET Server 2003. The goal of the Windows Security Push, as it became known, was to educate the entire team about the latest secure coding techniques, to find design and code flaws, and to improve test code and documentation. The first edition of this book was required reading by all members of the Windows team during the push, and this second edition documents many of the findings from that push and subsequent security pushes for other Microsoft products, including SQL Server, Office, Exchange, Systems Management Server, Visual Studio .NET, the .NET common language runtime, and many others.
The impetus for the Windows Security Push (and many of the other security pushes) was Bill Gates's Trustworthy Computing memo of January 15, 2002, which outlined a high-level strategy to deliver a new breed of computer systems, systems that are more secure and available. Since the memo, both of us have spoken to or worked with thousands of developers within and outside Microsoft, and they've all told us the same thing: We want to do the right thingwe want to build secure softwarebut we don't know enough yet. That desire and uncertainty directly relates to this book's purpose: to teach people things they were never taught in schoolhow to design, build, test, and document secure software. By secure software , we don't mean security code or code that implements security features. We mean code that is designed to withstand attack by malicious attackers. Secure code is also robust code.
Our goal for this book is to be relentlessly practical. A side effect is to make you understand that your code will be attacked. We can't be more blunt, so let us say it again. If you create an application that runs on one or more computers connected to a network or the biggest network of them all, the Internet, your code will be attacked.
The consequences of compromised systems are many and varied, including loss of production, loss of customer faith, and loss of money. For example, if an attacker can compromise your application, such as by making it unavailable, your clients might go elsewhere. Most people have a low wait-time threshold when using Internet-based services. If the service is not available, many will take their patronage and money to your competitors.
The real problem with numerous software development houses is that security is not seen as a revenue-generating function of the development process. Because of this, management does not want to spend money training developers to write secure code. Management does spend money on security technologies, but that's usually after a successful attack! And at that point, it's too latethe damage has been done. Fixing applications post-attack is expensive, both financially and in terms of your reputation.
Protecting property from theft and attack has been a time-proven practice. Our earliest ancestors had laws punishing those who chose to steal, damage, or trespass on property owned by citizens. Simply, people understand that certain chattels and property are private and should stay that way. The same ethics apply to the digital world, and therefore part of our job as developers is to create applications and solutions that protect digital assets.
You'll notice that this book covers some of the fundamental issues that should be covered in school when designing and building secure systems is the subject. You might be thinking that designing is the realm of the architect or program manager, and it is, but as developers and testers you need to also understand the processes involved in outlining systems designed to withstand attack.
We know software will always have vulnerabilities, regardless of how much time and effort you spend trying to develop secure software, simply because you cannot predict future security research. We know this is true of Microsoft Windows .NET Server 2003, but we also know you can reduce the overall number of vulnerabilities and make it substantially harder to find and exploit vulnerabilities in your code by following the advice in this book.
If you design applications, or if you build, test, or document solutions, you need this book. If your applications are Web-based or Win32-based, you need this book. Finally, if you are currently learning or building Microsoft .NET Frameworkbased applications, you need this book. In short, if you are involved in building applications, you will find much to learn in this book.
Even if you're writing code that doesn't run on a Microsoft platform, much of the material in this book is still useful. Except for a few chapters that are entirely Microsoft-specific, the same types of problems tend to occur regardless of platform. Even when something might seem to be applicable only to Windows, it often has broader application. For example, an Everyone Full Control access control list and a file set to World Writable on a UNIX system are really the same problem, and cross-site scripting issues are universal.
The book is divided into five parts. Chapters 1 through 4 make up Part I, Contemporary Security, and outline the reasons why systems should be secured from attack and guidelines and analysis techniques for designing such systems.
Font size:
Interval:
Bookmark:
Similar books «Writing Secure Code: Practical Strategies and Proven Techniques for Building Secure Applications in a Networked World»
Look at similar books to Writing Secure Code: Practical Strategies and Proven Techniques for Building Secure Applications in a Networked World. We have selected literature similar in name and meaning in the hope of providing readers with more options to find new, interesting, not yet read works.
Discussion, reviews of the book Writing Secure Code: Practical Strategies and Proven Techniques for Building Secure Applications in a Networked World and just readers' own opinions. Leave your comments, write what you think about the work, its meaning or the main characters. Specify what exactly you liked and what you didn't like, and why you think so.