Writing Secure Code

Microsoft Press, Nov 30, 2009 - Computers - 800 pages
5 Reviews

Keep black-hat hackers at bay with the tips and techniques in this entertaining, eye-opening book! Developers will learn how to padlock their applications throughout the entire development process—from designing secure applications to writing robust code that can withstand repeated attacks to testing applications for security flaws. Easily digested chapters reveal proven principles, strategies, and coding techniques. The authors—two battle-scarred veterans who have solved some of the industry’s toughest security problems—provide sample code in several languages. This edition includes updated information about threat modeling, designing a security process, international issues, file-system issues, adding privacy to applications, and performing security code reviews. It also includes enhanced coverage of buffer overruns, Microsoft® .NET security, and Microsoft ActiveX® development, plus practical checklists for developers, testers, and program managers.

What people are saying

User ratings

5 stars: 2
4 stars: 1
3 stars: 2
2 stars: 0
1 star: 0

Review: Writing Secure Code

User Review  - Eric - Goodreads

The general advice within this book is sound. However, it spends quite a bit of time on specific ways to secure Windows applications running on XP and earlier versions of the OS. If you don't do that type of development, much of the advice in the book is no longer relevant.

Review: Writing Secure Code

User Review  - Vipul Pathak - Goodreads

Teaches you about secure coding practices. A must read for every programmer ...

About the author (2009)

David LeBlanc, Ph.D., is a founding member of the Trustworthy Computing Initiative at Microsoft. He has been developing solutions for computing security issues since 1992 and has created award-winning tools for assessing network security and uncovering security vulnerabilities. David is a senior developer in the Microsoft Office Trustworthy Computing group.
