Writing Secure Code

%A Michael Howard
%A David LeBlanc
%B Writing Secure Code
%I Microsoft Press Books
%D 2002
%G ISBN 0-7356-1588-8
%P 477pp

Very good overview of Windows security by two of Microsoft's security evangelists. A nice complement to Building Secure Software, which has a definite UNIX slant to it. The book comes with a CD with the source and other resources for programmers. Although most of the code is in C/C++, there is also some coverage of .NET, VB, ASP and Perl.

Appendix A, "Dangerous APIs", could be used to get started on some kind of Win32 security scanner that checks if programmers are using them incorrectly. I particularly enjoyed Appendix D, "Lame Excuses We've Heard".

Microsoft Press has some information about the book.