Writing Secure Code
Tentative Chinese title: 撰寫安全的程式碼
Michael Howard, David LeBlanc
- Publisher: Microsoft
- Publication date: 2001-11-03
- List price: $1,710
- VIP price: 5% off, $1,625
- Language: English
- Pages: 477
- Binding: Paperback
- ISBN: 0735615888
- ISBN-13: 9780735615885
Out of print
Product description
Practical strategies and proven techniques for building secure applications in a networked world
WRITING SECURE CODE reveals the battle-tested secrets of two veritable code warriors, directly from the trenches of large-scale commercial software development. It's all here, from design pointers to specific code snippets, DCOM to .NET, the Win32® API to secure Web programming, and more. Don't even consider going live with a Win32 application on the Internet without reading this book.
JOEL SCAMBRAY, coauthor of HACKING EXPOSED and HACKING EXPOSED WINDOWS 2000
Secure software has long been considered an oxymoron, since most developers try to sprinkle security on top of their software products rather than baking it in. This clue-full cookbook is filled with from-the-trenches recipes featuring proven security concepts as key ingredients to make software products safer, more secure, and more reliable.
JOHN PESCATORE, Vice President, Gartner, Inc.
Hackers cost businesses countless dollars and cause developers endless worry every year as they attack networked applications, steal credit-card numbers, deface Web sites, hide back doors and worms, and slow network traffic to a crawl. Keep the bad guys at bay with the tips and techniques in this entertaining, eye-opening book. You'll learn how to padlock your applications throughout the entire development process, from designing secure applications, to writing robust code that can withstand repeated attacks, to testing applications for security flaws. Short, easily digested chapters reveal proven security principles, strategies, and coding techniques to give you the peace of mind that comes from knowing you've done everything you can to make your code not only fast, but hacker-proof. The authors, two battle-scarred veterans who have solved some of the toughest security problems in the industry, also give you sample code in numerous languages to demonstrate the specifics of secure development. If you build networked applications and you care about the security of your product, you need this book.
CONTEMPORARY SECURITY: Security issues that you should address in every development project
SECURE CODING TECHNIQUES: Public enemy #1, the buffer overrun; determining good access control; running with least privilege; cryptographic foibles; storing secrets; and canonical representation issues
NETWORK-BASED APPLICATION CONSIDERATIONS: Socket security; secure DCOM, Microsoft® ActiveX® and RPC applications; protecting against denial of service attacks; and securing Web-based services
SPECIAL CONSIDERATIONS: Writing secure managed code for the Microsoft .NET Framework, secure testing, secure software installation, and general good practices
APPENDIXES: Dangerous APIs, the Ten Immutable Laws of Security, the Ten Immutable Laws of Security Administration, and lame excuses! An eBook, sample code, and tools