Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security SecProg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Microsoft Writing Secure Code

from [Yvan G.J. Boily] Network Security [Permanent Link]
Subject: RE: Microsoft Writing Secure Code
Date: Thu, 9 Dec 2004 09:46:56 -0600 
I have a copy of Writing Secure Code, 2nd Edition which I picked up when the 
answer to a question regarding Microsoft's RNG for the
base crypto service provider taken from the book.  For someone familiar with 
the basic tenets of secure programming will not find
much new in here until you hit the examples and explanations of how to interact 
with the security functionality of the operating
system.  It also includes a discussion of how some aspects of security are 
implemented within the .NET framework which is fairly
important to many Windows-centric developers.  Overall I found the book to be a 
useful resource, and I would recommend it *if you
are a windows oriented developer*.

If you are just interested in the secure programming aspect as opposed to the 
Microsoft Windows focus of this book then I would
recommend "Building Secure Software" by John Viega and Gary McGraw; I found it 
to have more informative material and better
explanations of the topics.  This book includes exampled of how to accomplish 
secure implementations of a selected set of scenarios,
but more importantly, it addresses the root cause of security issues, which is 
the lack of awareness.

If you are looking for a lightweight introduction to the topic before moving to 
more technical materials, "Secure Coding -
Principles & Practices" by Mark Graff and Kenneth van Wyk is a fairly 
reasonable read.




-----Original Message-----
From: Rui Covelo [mailto:rui.covelo@gmail.com] 
Sent: Thursday, December 09, 2004 3:58 AM
To: secprog@securityfocus.com
Subject: Microsoft Writing Secure Code

Hi!

I was looking for some opinions about the book "Writing Secure Code"
from Microsoft press. The book is already "old" but I only got to read
it now... well.... some of it. I searched the mailing list archive for
"microsoft writing secure code" but didn't find anything related so I
guess it hasn't been discussed before or I don't know how to search
the mailing list archive correctly. If that's the case, please forgive
me.

I was wondering if any of you have read it and what you think about
it. Do you find it useful or plain microsoft propaganda (like I read
somewhere else)?
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Microsoft Writing Secure Code, Keith Oxenrider
Next by Date:  Re: Account Lockouts, Valdis . Kletnieks
Previous by Thread:  Re: Microsoft Writing Secure Code, Valdis . Kletnieks
Next by Thread:  Re: Microsoft Writing Secure Code, Sölvi Páll Ásgeirsson
Indexes:  [Date] [Thread] [Top] [All Lists]