Rating: Summary: Quick read, yet very valuable Review: I found this to be one of the better Wrox books I have read in quite some time. Many of the topics discussed in this book should be common knowledge in the .NET world, but I can guarantee they are not. In fact, I recently was involved in a panel discussion at a popular developer conference, and when the panelists asked the audience who used code access security, not a single hand was raised. This book covers many .Net security topics very well. It is intended as a handbook, and its size keeps the focus somewhat narrow. For this reason, every serious developer should have more security literature than just this book. On the other hand, if every developer just set aside the few hours it takes to read this book, then we would have much more secure software. Bottom line: Great book that does exactly what it set out to do. However, reading additional security books such as Writing Solid Code as well as other .NET specific security books is highly recommended.
Rating: Summary: Not what I expected Review: Like many books I found the advice to be at times obvious. The book is well-organized and probably achieves its goal, but if you're already a competent programmer, it might not add much to your knowledge pool.
Rating: Summary: Excellent Introduction to .NET CAS model Review: Should be required reading for all .NET developers, both C# and VB.NET. Chapters 5 & 6 are strong, with some good lessons on leveraging the .NET security framework and overall secure coding techniques.
Rating: Summary: Code Security Explanations and more Review: So you're wading into the .net world and there's talk of code access security? Where do you start? With an entire chapter devoted to 'How to write insecure code' followed by a chapter devoted to 'How to write secure code', Lippert's book shows us the common mistakes (even if we have the right intentions) that can leave our .Net code vulnerable to attack and he shows ways to secure it. Even more is offered up for digestion in the chapter called 'Spot the Security Bug' - or perhaps it could be entitled 'have you understood all that you've read so far?' This book definitely opened my eyes to security risks that I've never even contemplated... And if you want to star in the next movie on cryptography, that's dealt with as well - though I didn't read that chapter myself. So is this book worth it? Will it help you to start using the code security features of .Net? Yes. It definitely gets you started and you'll be able to do some basic but very powerful security quickly with a bit of practice. And thanks to all the tips on bad techniques, you'll avoid making mistakes that could leave your apps exposed. Does it leave you wanting more? Yes. But in all fairness it is a 'Handbook'. I would also say that experienced developers would get more from this book than rookies like myself. I expect as my experience develops, I'll be going back to this book more and more. What would I add? .Net comes with a variety of utilities. Some of these are briefly covered. There are tools to secure and view assembly permissions - I'd have got more if this book combined the code security aspect with the use of these utilities and walked me through some real world examples - CASPOL.exe and PERMVIEW.exe are not covered in any great detail - but would augment the subject matter nicely if they were. For those new to the .Net world (aren't we all? but I mean really new), I think at least one chapter that details a simple app would be nice - it could cover everything from 1) XP/NT security settings and perhaps show how to do a few basic things here 2) The stuff that this book already does well - code security 3) Using various utilities that come with Visual Studio .NET to view permissions, set permissions on assemblies 4) and for good measure, give us some tips on how to test some of this security - how do you test something you're preventing from happening so you know it works? (some details are offered in the book on this and I found them useful) But again, in fairness to the author, that's more a 500 pager type of book and this is a handbook. If Code Security is mysterious to you or you know just enough to want more details, this book is a great start.
Rating: Summary: Great overview of security and good programming practices Review: When I sat down to read this book, I thought it would mainly be relevant to VB .NET (I'm a C# and C++ programmer) and I thought it would only cover .NET code access security. Instead, I was pleasantly surprised to find not only great coverage of .NET code access security, but also good programming practices for security and programming techniques and ideas that apply to all programming, including non .NET languages. The chapter on "How to write insecure code" is well written and covers everything from how to avoid failing to a non secure state to how to avoid cross site scripting exploits or SQL injection exploits. Everything is explained in a very easy to read and understand manner. The checklist provided at the end of the book is great to refer to to remember everything you've learned. I would have liked the "Spot the defect" chapter to include more (but shorter) examples. The ones that are given are great but kind of overtly bad. I think it is a little more realistic when you are looking at code that has fewer and sometimes more hard to find defects. I think a little more explanation of how to configure .NET security policy would be helpful. I still get confused by the unwieldy hierarchical structure of .NET policy and I wanted more help on good practices in this area. But all in all, it was a great read and a good book on not just .NET Code security but good practices for writing good and secure code.