We take a look at "Writing Secure Code, 2nd Ed." by Michael Howard & David LeBlanc, a book on safe programming practices and guidelines, security principles, and threat modeling.
This is easily the most detailed work on safe programming practices for developers who write applications on the Windows platform. The 2nd edition is over twice the size of the earlier edition, with broader coverage of the security issues involved in developing applications. This edition continues to target the developer, with in-depth discussions of input validation, ACLs, privilege levels and cryptographic functions. Designers and security testers will also find the book useful, not only because these issues matter to everyone but also because of the greater coverage given to design and testing. The chapters on security principles and threat modeling cover important ideas for designers, and an entire chapter is devoted to security testing techniques. [Update: For the experienced security tester, we would however recommend a more in-depth work such as the "Shellcoder's Handbook" by Jack Koziol and others.] The appendix has useful ready-to-use security checklists for designers, developers and testers. If you develop applications on the Windows platform, this is a book worth investing in.