<< 1 >>
Rating: 
Summary: A well written book - covers evrything
Review: Another good book from ORielly - the .NET series is excellent. This book is the best security book available. It is easy to read and contains lot of examples. There is a lot of crryptography, which is especially well covoered.
Rating: 
Summary: Required reading for .Net Programmers
Review: Some books are not going to be easy or approachable, one must already be familiar with either the C# and or Visual Basic language (the easy part) and the .NET programming enviornment to attempt this book. The authors are quick to jump from a discussion of the issues to meta code and sample code, but that is a feature, not a bug to the book's intended audience of very sharp, (as opposed to very basic), well educated coders. I would like to have seen more of an effort to discuss testing, validation and assessment, but at just under 700 pages this is a focused work and a serious coverage of the hooks that make it possible to secure .NET. (Of course that is assuming the underlying function calls are not riddled with buffer overflows and the like. Blaster on a .NET scale is a pretty scary prospect.)The bottom line, we are awash in bad code and the vulnerabilities that result are the fundamental reason there are so many exploits. When you consider that in the scale of a federated system it is not a pretty thought. Someday there will be building codes for software, but in the meantime, if you are a responsible citizen of this planet and you are involved in .Net development, buy your coders this book. Invest the time to be able to quiz them and do so. Make sure they understand the issues, especially with Chapters 18 and 19, ASP.NET and COM+.
Rating:
Summary: Best .NET security book I've seen
Review: While there is a lot of talk about .NET security, relatively little can be found in terms of documentation, which is one reason why this book is so refreshing. In addition to discussing some of the reasons behind certain security schemes, the theory is explained as well as the C# implementation. While there are some .NET specific security issues discussed (e.g. configuring worker processes), the section on cryptography should be required reading for everyone in the computer industry. I get really excited about a book when it contains a lot of good information and I am able to actually use it to solve real-world problems. After reading this book, I was able to help solve a really tricky (and politically challenging) security issue quite quickly. If you have anything to do with your company's security systems or write any .NET code, I think this book deserves a place in your reference section. This is certainly the best book on .NET security I have read thus far.
Rating:
Summary: Best .NET security book I've seen
Review: While there is a lot of talk about .NET security, relatively little can be found in terms of documentation, which is one reason why this book is so refreshing. In addition to discussing some of the reasons behind certain security schemes, the theory is explained as well as the C# implementation. While there are some .NET specific security issues discussed (e.g. configuring worker processes), the section on cryptography should be required reading for everyone in the computer industry. I get really excited about a book when it contains a lot of good information and I am able to actually use it to solve real-world problems. After reading this book, I was able to help solve a really tricky (and politically challenging) security issue quite quickly. If you have anything to do with your company's security systems or write any .NET code, I think this book deserves a place in your reference section. This is certainly the best book on .NET security I have read thus far.
Rating:
Summary: ALERT - This is a must have book!!
Review: You really are not a true .NET Programmer until you understand the security mechanisms that are part and parcel with the framework. To program in .NET (or really any component-oriented technology) without security in mind is like parachuting without one strapped to your back.
I was waiting for a book like this. Before this book I've had to scour over the internet to try to find out how to get the different areas of security in .NET to work. Now it's all here in one book. The theory, the explanations, the warnings, the samples. If you are a serious .NET programmer or .NET policy administrator then this is a must have book. If you don't know the difference between "host evidence" and "assembly evidence", then you need this book. If you don't know the difference between a "security demand" and a "permission request", then you are dangerous to the people you do work for.
Also, make sure you know the basics already of the language and the framework since this book assumes you do. Good luck.
<< 1 >>
| 
