Arts & Photography
Audio CDs
Audiocassettes
Biographies & Memoirs
Business & Investing
Children's Books
Christianity
Comics & Graphic Novels
Computers & Internet
Cooking, Food & Wine
Entertainment
Gay & Lesbian
Health, Mind & Body
History
Home & Garden
Horror
Literature & Fiction
Mystery & Thrillers
Nonfiction
Outdoors & Nature
Parenting & Families
Professional & Technical
Reference
Religion & Spirituality
Romance
Science
Science Fiction & Fantasy
Sports
Teens
Travel
Women's Fiction
|
 |
Hacking the Code: Auditor's Guide to Writing Secure Code for the Web |
List Price: $49.95
Your Price: $32.97 |
 |
|
|
|
| Product Info |
Reviews |
<< 1 >>
Rating: 
Summary: Must read for people of all technical levels
Review: I can't say enough good things about Mark Burnett's book Hacking the Code. From beginning to end it is a great read and a great resource. What impressed me from the beginning is how he was able to take such a wide range of difficult topics and make them sound so down to earth. The writing style is so polished and friendly that you almost forget that you are reading about pretty intensive topics.
I was continually impressed at how well formatted the book was. Now, that almost seems unimportant to mention but it's not. Each section gives the goals of that section, the topic thoroughly covered, and then a summary, worth reading I must add, to close off the section. This impressed me because it is easy to read this from cover to cover and quickly grasp the subject matter. Or, if you are reviewing the section, you can use the summary to be reminded of the key points.
VB.Net and C# code examples are plentiful, completely usable and easy to understand.
This book is a must read. Even with the topics that I already had a good handle on, I felt that I was continually picking up new pieces of information and being challenged to review the security I already had in place.
Hacking the Code is an easy read covering difficult topics in a consistent, complete and concise manner. I highly recommend this book without reservation.
Rating: 
Summary: Terse ASP.NET security insights
Review: I liked the content here a lot but the organization needs work, and the text is really too terse. In fact, I felt like I was reading an outline. Granted, there are code samples and the book covers all of the important basics, like security database access, validating user input and encrypting critical data.
This is good introductory material on the serious security issues that need to be dealt with when you are developing any web application (not just ASP.NET). But the organization, for me, really detracts from the value of the work.
The book is organized into chapters along the high level groups of issues like data security, sessions, and authentication. Then within each chapter there are a set of threats with discussions and example code. Think of it like a cookbook where the definition of the problem is a lot more terse. At the end of each chapter is a check list and a short FAQ section.
This is not an introductory level book. This is for engineers who understand the ASP.NET framework and are looking for practical advice on how to secure their applications against malicious use.
Rating:
Summary: Highly recommended
Review: I picked up this book after briefly meeting Mark Burnett at Blackhat this year. I've got to say it is really well written, well laid out and covers off all the major .NET issues in impressive detail. I review web application security for a living and I still learnt a thing or two :)
The way in which he covers each of the common web programming flaws means it would still be useful to those who aren't already familiar with the details of application security.
By using a lot of useful code examples, and the excellent summary sections make it a good reference book which will stay handy on my shelf for a long while.
Rating:
Summary: The best book for any VB.NET and C# Programer
Review: If one is programming any web application in ASP.Net this is the book to read. It is waht is spected from Mark Burnett. I find my self comming back to the book time a time again to get ideas on ways to make my code more secure. This is a must buy for anyone who writes web applications.
Rating:
Summary: Great security ideas
Review: This is a great book with a lot of really good ideas on improving ASP.NET applications and ASP.NET security. The book is organized into "ideas" which can help secure an ASP.NET (or really any) application. Beneath each idea is a list of what type of threats the specific idea mitigates, followed by the actual ASP.NET implementation. One thing I really liked about this book is that it's presented in a way which helps illustrate how hackers could infiltrate your web applications. I found this to be very effective in driving home a security lesson.
The book is organized into ten different sections on aspects of ASP.NET security, which range from user management (which includes how to handle user names, passwords, and the like) to developing applications with security in mind (which includes issues like cross-site scripting attacks and error logging). Many sites with user management features provide a "Secret Question", which is used in case you forget your password. The secret questions often include questions like "What is the name of your favorite pet?" or "What city were you born in?". The book goes on to show that the secret question concept goes against everything security experts have been saying by demonstrating how hackers can use brute-force attacks along with educated guesses to gain unauthorized access.
This book even discussed connection string issues and encryption in config files, which is an issue I am currently struggling with. Code examples are provided for all of the ideas presented, which are generally quite clever in and of themselves.
If you are serious about improving the security in your ASP.NET applications, then do yourself a favor and read this book. I think you will find it was time well-spent.
<< 1 >>
|
|
|
|
