%A Michael Howard
%A David LeBlanc
%B Writing Secure Code
%I Microsoft Press Books
%D 2002
%G ISBN 0-7356-1588-8
%P 477pp
Very good overview of Windows security by two of Microsoft's security evangelists. A nice complement to Building Secure Software, which has a definite UNIX slant to it. The book comes with a CD with the source and other resources for programmers. Although most of the code is in C/C++, there is also some coverage of .NET, VB, ASP and Perl.
Appendix A, "Dangerous APIs", could be used to get started on some kind of Win32 security scanner that checks if programmers are using them incorrectly. I particularly enjoyed Appendix D, "Lame Excuses We've Heard".
Microsoft Press has some information about the book.