Web Services Security in the .NET Platform
List Price: $59.99
Your Price: $41.99
Reviews
Summary: Not enough depth, and the pieces aren't tied together
Review: I was excited by the prospect of this book. Many books on web services or ASP.Net offer only a short chapter on security that goes over the different authentication methods and not much more. I was looking forward to a broader end-to-end treatment of security.
Although this book did discuss a wide range of topics, it failed to tie them together. It describes a bunch of technologies but doesn't teach you how to choose between them or use them together. Some case studies or end-to-end diagrams would have really helped.
I also felt that there was not enough depth. Although the book is advertised as "advanced", it's really only an introduction to a bunch of topics. You need to go elsewhere to learn enough to really apply them. The book is quite thin.
I'm not sure who a good target audience for this book is. If you are trying to understand an overview of web service security, it falls short because it doesn't do enough to help you understand the big picture. If you understand the big picture and are looking for an advanced treatment of how to implement security techniques, this book will only give you an introduction.
Summary: Very useful, but lacks depth in places
Review: If you are responsible for coding applications using Microsoft's .NET platform, and you want to be sure that you're taking security seriously, you should check out this book pronto. Expert Web Services Security in the .NET Platform, written by Brian Nantz and Laurence Moroney and published by Apress®, covers the ins and outs of writing secure code with the .NET platform.
On the back cover, the user level is marked as Advanced. They're right. The first chapter alone, Web Services and XML Standards, will drop you immediately into the building of a simple web service and its consumer, with descriptions of XML Encryptions and signatures, PKI cryptography, and the various pieces of WS-Security (Web Services Security).
The most secure application won't do much good if it's run on an insecure platform. Chapter 2, Windows Security, describes in detail how to lock down IIS 6.0 (and Windows itself) to the most secure it can be. The following chapter on ASP.NET Architecture provides an overview of the security features in ASP.NET 1.1 with respect to web services.
I really enjoyed going through the chapter on Security Tools and Tips. Not only do you learn how to mask your identity and how to securely update your files, but you learn about the most popular tools available (most of them free) to test your security.
Arguably, the most important security tool is cryptography. The chapter on .NET Cryptography gives a basic overview of the terminology and techniques for encrypting your traffic. This sets the stage for the next few chapters, which go into detail about securing the web services with Integrated Windows Security, SSL, and the Web Services Enhancements (WSE).
Of course, any major site is going to have a lot of data to store that needs to be available to the web server. With so many exploits against SQL servers, Brian and Laurence put in a chapter devoted to securing SQL with ASP.NET, containing information on how to authenticate, how to impersonate, and how to obviate common attacks.
The last bit of protection needed is for the code itself. Open Source is very desirable these days, but many companies maintain their profit levels by protecting their intellectual property. .NET adds protection for the code itself by IL Obfuscation. Proper obfuscation renders reverse engineering techniques practically useless. Chapter 10 explains in detail everything you need to know to protect your code from inspection.
Expert Web Services Security in the .NET Platform provides a lot of valuable information for programmers using the Microsoft .NET platform. My only concern is that it didn't go as deep as it should have. At only 280 pages, it's rather slim to be covering such a deep topic as security throughout .NET. I hope that the second edition is bulked up to cover what was only skimmed over this time. I had to rank this a 4 out of 5, mostly due to the lack of depth in areas. Overall, a very useful book for .NET programmers.
Summary: Not as much on WSE as you would expect
Review: In this smallish 250 page book you would expect a significant proportion of the pages to be spent on WSE. Particularly when the book is for experts. Unfortunately the WSE coverage is only 18 pages.
That's not a fatal flaw though. There are excellent chapters on general security and cryptography. And chapter 10 on code obfuscation will probably be the only book on IL obfuscation until the rumored Decompiling C# arrives.
The book is well written. The style is terse and to the point. One chapter is very screenshot heavy, but the rest use graphics sparingly and to best effect.
I'd like to see a more focused book on WSE, but in the meantime this is a good book on security topics for Windows in general, and for web services in particular.
Summary: good discussion of crypto
Review: The book offers a good general description of Web Services. And specifically on how to make a simple Web Service using the .NET platform. But the thrust of the book is in showing how to incorporate cryptographic methods into the WS communications. The authors claim that perhaps the most important reason that WS have not taken off is security. Without a secure authentication and authorisation of messages, companies are leery about exposing their data via WS.
So the book devotes most of its space to the various cryptographic issues involved in .NET and WS. Some of this is not restricted to WS. For example, you may want to encrypt a channel, over which you will send sensitive data. That data might be a WS message, or something else. Hence, we get explanations of Active Directory, which handles a lot of these grubby details.
Later, they discuss public key cryptography. Which they term asynchronous encryption; not a widely used term. They contrast this to synchronous encryption, which most others call symmetric encryption.
But having said this, the book does offer a reasonable guide to using C# and .NET for WS. What is left for the reader is the much harder problem. That of designing a useful.