Writing Secure code for Windows Vista
Michael Howard; David LeBlanc
MICROSOFT PRESS (11 April 2007)
ISBN 978-0735623934
224 pages
Buy from Amazon
About: Writing Secure code for Windows Vista The names Howard and LeBlanc have become synonymous with security ever since their first "Writing Secure Code" book. This new, somewhat thinner, tome continues in the same vein, highlighting best practices for writing programmes for Windows Vista; and this is where the book is focused. Don't expect to find discussions of canonicalization issues, SQL-injection or threat modelling here. The book is a short, punchy adjunct to "Writing Secure Code", discussing such topics as User Access Control, CardSpace, parental controls and other vista-related security features. I liked the clear coverage of these (and other) topics, and they help to give you a solid understanding of why things work the way they do on Window Vista. There is also a lot of material targeted at unmanaged C/C++ developers,with extensive coverage of areas such as address Space Layout Randomisation (ASLR) and some of the C/C++ compiler switches. On page after page I was reminded why I'm so happy programming in the fluffy cloud of. NET, rather than worrying about double freeing of pointers not using APIs that are forbidden, buffer overruns and C++ heap allocations strategies: one can only hope that all of the developers on the.NET Framework and Windows O/S teams have read(and understood this book. So will this book appeal to the average. NET developer? Most ASP.NET developers gain little or no information from this book, although there is an informative chapter on the new security features of IE 7. Window Forms and WPF developers will find useful nuggets, but expect to have to hunt for then amongst the detail. This is a bit of a shame, as even managed code developers need to understand the implications of the new security features. The book might have thus been improved by having an appendix for. NET developers summarising the key features and their impacts, thereby isolating them from the many pages from ALT and C++ code. Having said that, all developers will benefit by improving their understanding of the new Windows Vista security enchantments, and thus I would recommend that you read this book.
Resources
About the Author
Michael Howard, CISSP, is a leading security expert. He is a senior security program manager at Microsoft and the coauthor of The Software Security Development Lifecycle. Michael has worked on Windows security since 1992 and now focuses on secure design, programming, and testing techniques. He is the consulting editor for the Secure Software Development Series of books by Microsoft Press. David LeBlanc, Ph.D., is a founding member of the Trustworthy Computing Initiative at Microsoft. He has been developing solutions for computing security issues since 1992 and has created award-winning tools for assessing network security and uncovering security vulnerabilities. David is a senior developer in the Microsoft Office Trustworthy Computing group.Latest Offers
Deal of the Day: 60% Off "Taxi: The Complete Series" and "Happy Days: Seasons 1-4"
Stainless Steel Jewelry: Up to 60% Off
Silver with Cubic Zirconia Jewelry: Up to 60% Off
Save Big on DVD, Blu-ray, and Video On Demand
ThinkFun Games, Buy 2 or More and Save an Additional 25%-Off
MP3 Free Song of the Day: The Thermals
Contact
If you would like to review a book, have your book reviewed or comment on any of the reviews on this site, please feel free to get in touch with us. We are always on the look out for materials and resources that we believe developers all over will benefit from.
Contact us here: Contact page
http://www.onyxtic.com/dev/feed.rss
