Writing Secure Code, Second Edition

The first couple of chapters revolve around design, in fact ch2 is over 70pp long, and it's all about how to design secure systems.

The bulk of the book focuses on secure coding, including buffer overruns, sockets, RPC, COM, Crypto, canoniclization issues, least privilege, storing secret data, Web apps - and more!

The last part of the book discusses common .NET coding errors, and how to build security test plans.

What makes this book utterly unique is it really teaches you how to design and test secure applications, as well as how to write them. The design and test stuff I have seen nowhere else.

The book is worth every penny, and I now know why Bill Gates recommends the book to all Microsoft developers.

Rating:
Summary: Great book if you're serious about writing secure code
Review: I got this book for free from Microsoft, because our company became a Microsoft Partner. I must admit that at first I was a little bit sceptical about it, because afterall this book is published by Microsoft and they have this reputation of selling rather insecure software themselves. But after reading the first few sections I knew it was going to be a very good read.

The book explains in very clear language almost every aspect of secure programming and gives a good overview of all common security flaws that can (and will!) enter your programming code. You'll learn how to securely design, implement, test and deploy your programs. Ofcourse buffer overruns are handled (Public Enemy #1 according to the authors), but that's only the tip of the iceberg. The book does a great job by identifying and providing solutions to common security pitfalls. Topics that are handled include: database access, user privileges and Access Control, Cryptography, handling secret data, user input, encoding and internationalization, RPC, DCOM, DOS attacks, .NET and writing secure program documentation.

I recommend this book to every programmer out there, even if you're not programming for the Win32-platform. Don't let the fact that this is a Microsoft publication refrain you from buying this book. If you are serious about writing secure programs this is the book to get.

Rating:
Summary: Not so much for web programming security
Review: I have bought this book hoping to write a secure web page but I could get more advice search the microsoft web page than the book. Not recommended if you r writing for the web.

Rating:
Summary: Stellar!
Review: I have to admit to being somewhat skeptical about this book, but after reading 3/4 of it, my skepticism is gone. It's wonderfully written, full of practical advice to designing and building secure software.

I think the most useful chapter is on threat modelling, we're building such models for all our apps.

Say what you will about Microsoft,but this book is great! And, hopefully a sign of things to come from the company.

Rating:
Summary: Not bad, not great.
Review: I know it's really weird buying a book from Microsoft written by people from Microsoft on secure code. Why should you trust them? They know more about Windows than most people!

I read the Linux Secure Programming book online, and the other book Building Secure Software. Those other two books are better organized. It felt more like a collection of lose tips than the other two.

It's also missing a lot. Even though I'd learned a lot of stuff from the other books, I bought this one because I needed to learn how to use the Microsoft APIs to do SSL programming, and I wasn't happy with the documentation I've got access to. I figured this book would have it, but it doesn't, which was a deep disappointment.

Now, this book has taught me some new tricks. It has lots of good windows-specific hints that other books don't have. But if you're not a Windows programmer, don't bother. They don't cover other operating systems as well as the other books do. The book also didn't really teach the basic principles as well as the others. Every Windows programmer should have this book on his desk, but only for the Windows-specific stuff. Buy a better book first.

Rating:
Summary: MS writing secure code?
Review: One can't help but wondering why two MS security experts bother to write a book about secure code? Since it is obvious that their employer does not make use of their recommendations, either their recommendations aren't any good, or they are, and their employer ignores them anyway. Either way, the book inspires little confidence - there are other books out there on the subject that are not laden with such negative connotations.

Rating:
Summary: Now I know why it's mandatory reading at Microsoft
Review: Say what you will about Microsoft, but at least they are trying to solve their security ills, and I can see why this book is required reading for all developers at the company. It's well written, well edited and full of really useful stuff about designing and building secure systems.

It covers all the stuff you'd expect and much more: buffer overruns and how to prevent them, as well as ACLs, least priv, crypto, managed code, tesing, threat analysis, sockets mistakes, installation, web issues and much more.

If Microsoft follows the guidelines in this book, the will succeed if their goal of trustworthy computing.

Rating:
Summary: 2nd Edition Even Better
Review: The 2nd edition is even better than the first. According to the intro, the first edition came out before the Windows group security push, and the 2nd is based on experience from several other teams (SQL Server, Visual Studio and others) doing a similar security push. The expanded .NET section has some great tips!

Rating:
Summary: 2nd Edition Even Better
Review: The 2nd edition is even better than the first. According to the intro, the first edition came out before the Windows group security push, and the 2nd is based on experience from several other teams (SQL Server, Visual Studio and others) doing a similar security push. The expanded .NET section has some great tips!

Rating:
Summary: Not writing non-secure code for Windows
Review: The title of the book is misleading to begin with. The book is not about writing secure code. It's about (1) not writing non-secure code and (2) using Windows specific security APIs.

(1) Not writing non-secure code. Covers several issues, some more obvious, like buffer overruns and validating user input, some more complex, like escaping URLs and socket security. I thought the book would teach me best practices about organizing code, as in "do like I do". Instead it goes like "don't do like I'm telling you".

(2) Using Windows security APIs. This is THE BEST part of the book. Gives you a very good overview about several different APIs, including ACLs, protecting sensitive data, securing DCOM and .NET code, excellent tips on installing programs etc. etc.

Keep in mind that this book is said to be used internally within Microsoft with "security pushes", with the audience of 8000 people, including not only developers of all levels, but managers as well, therefore the book is by definition a high level overview.

Sometimes the book feels like MS educational course. Ex. (tip on p.77) "I created the ... diagrams ... using ... Microsoft Visio Professional 2002". That's cool, but what does it have to do with security ?

Some topics should never be there. How about 3 pages of tips for a kernel driver writer ? It's a huge topic in itself and how many readers outside MS do this anyway ? Privacy issues are covered idealistically. Yeah, sure, if you put a specially crafted XML to the special place on your site, the users magically start trusting you... I'd better read about real situation with privacy, not how the government rules it to be. Oh, and how about 40 pages about cryptography ? Please...

The book tries to show you the security process with development and testing. I can easily see they use this process in Microsoft, with 8000 people. For a small team it's completely useless. How about using 4 (!) people for a code review ? Sure, upon reading this book you will know that security code review is a must (if you have enough resources). Didn't you know that before ?

The code samples are ugly. How about this: "... X is cool ... several pages of Perl (!) ... see what I mean ?". Ok, one of the authors admits to be a Perl fan, but how am I supposed to read through all this gibberish ? C(++) samples are not much better. May be they are fully functional and compilable and all, but please, they are huge and inconsistent in themselves.

All in all, 5 stars for Microsoft, 3 stars for the rest of the world.