Hacking the Code: Auditor's Guide to Writing Secure Code for the Web Review
Hacking the Code is a must read if you want to pick apart .NET Web applications in the name of better security. More people in development and IT need to read books like this. I like how it focuses on ASP.NET - the language that a large portion of Web applications are developed in today. The book covers the important areas of securing applications and shows some good examples. Appendix A also has some good ASP.NET code samples for real-world concerns.
I especially like the coverage on authentication mechanisms which is something that's often taken for granted by developers but where I tend to find a lot of the weaknesses in the work I do. Plus it doesn't just focus on the technical side of things with the coverage of users awareness and policies. Overall, very good at covering the root of many of our security problems.
Hacking the Code: Auditor's Guide to Writing Secure Code for the Web Overview
Unlike other security and programming books that dedicate hundreds of pages to architecture and theory-based flaws and exploits, Hacker Code dives right into deep code analysis, security tool creation, and software testing. The local code and remote code sections of the book include previously undisclosed security research in combination with superior programming techniques from Foundstone and other respected organizations.
Available at Amazon Check Price Now!
Related Products
- Building Secure Microsoft ASP.NET Applications (Pro-Developer)
- The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws
- Developing More-Secure Microsoft ASP.NET 2.0 Applications (Pro Developer)
- Improving Web Application Security: Threats and Countermeasures
- Programming WCF Services: Mastering WCF and the Azure AppFabric Service Bus
Customer Reviews
Spot on - Garot M. Conklin -
In my never ending attempt to educate myself on web application security I thought it would be a great idea to look at this from the developer perspective. This text is a great piece on the ASP.NET side of development and security. It does a great job of showing what the developer may normally code and why that is NOT security oriented. It is a great tool for bridging the gap between security team and developer team so that you can speak intelligently on both even though you are NOT a developer or security professional. If you have an ASP.NET dev shop in your environment you should have someone if not everyone from your dev and security teams read this book to facilitate a more open line of commination between the two. Highly recommended.
Great book - Bilen Çekiç - Turkey
english is not my native language but this book has a clear language that is easy to understant and examples are very good. Writer tells many experiences that he faced at past about security, it's vulnarables and precautions.
I highly recommend this book.
Secure Coding 101 - Paul Craig - California, USA
Personally I work as a penetration tester, so Hacking the Code was right up my alley. I read the book over the course of a day, stuck at an airport. (...)Mark has a certain way of showing information to the reader in a very clear and thought-out manor. Content of the book may be of highly technical nature but it is very easy to read (a rare mix). By the end of the book I felt like I knew everything about ASP, its amazing how much there really is to know.
If you work in the security industry then this book is a must, however, if you are a developer, webmaster or even someone curious about code security, READ IT.
Highly recommend
*** Product Information and Prices Stored: Sep 04, 2010 09:25:04
No comments:
Post a Comment