Rating:  Summary: Great if you're new to MS Security but not enough for others Review: A great source of wisdom if you build or deploy web-sites. Well written, great depth and most of all - easy to read. There is lots of new information previously unpublished. It explains how to design, build, and deploy secure systems without resorting to scare-tactics.
Rating:  Summary: Best book I read on the subject Review: enjoyable and very informative
Rating:  Summary: It Answered Many Questions! Review: I have always thought that n-tier security was next to impossible. This book proves it isn't. The book discusses the pros and cons of various ways of building secure n-tier applications. Covers browser, Windows 2000, IIS, COM+ and SQL Server security as well as Kerberos, Certificates, Keys, SSL/TLS and much, much more. And it's all very cohesive!
Rating:  Summary: Exceptional Review: Incredible security coverage of IIS, Windows 2000, COM+, IE and SQL Server. The best IIS security book out there. But it focuses on other topics, not just IIS.
Rating:  Summary: Superb! Review: Simply put - I learned more about security from this book than any other book I have previously read. The authors describe web security very well and in an easy to understand manner. Best of all _EVERYTHING_ is by example. None of the book is pure theory and every comment is backed up with supporting facts. Also, unlike many books in vogue today, this is not a scare-mongering book. It treats security in a logical, matter-of-fact manner. You'll love it!
Rating:  Summary: Worse than nothing Review: The book covers a great deal of ground very quickly. Importantly, the material is easy to read and useful. While the focus is on Windows 2000-based technology, much of the book (most notably, threat modelling, and practical authentication, authorization, privacy and non-repudiation) can be applied to other non-MS technologies. The really cool thing I like the most about the book is it is practical, rather than theoretical. The book gave me ammunition to convince management that they need to spend time/money/resources to ensure a secure system, and then the book showed me how to choose appropriate technologies to solve security problems.
Rating:  Summary: The most complete web application security on the market Review: This book covers all issues pertaining to building and securing web applications. From the browser all the way to the database server. This is the only book I've read which includes database and component security as a critical part of the solution. Highly Recommended.
Rating:  Summary: This is NOT a rehash of Microsoft whitepapers or help files. Review: This is the best IIS security book I've found yet, and I do Microsoft network security consulting for a living. Most IIS books simply rehash the IIS help files or Resource Kit-- this doesn't. Moreover, IIS 5.0 on Windows 2000 is substantially different than IIS 4.0 on NT, but nobody else I've read tackles the new heavy features like Kerberos authentication, digital certificate mapping to Active Directory, IPsec packet filtering for HTTP, distributed applications with COM+/DCOM, WMI, ADSI, etc. The CD-ROM is also very useful; for example, it includes a Perl script which will search IIS logs for common attack signatures for intrusion detection. This book is written for security administrators and web-application developers. It has saved me MANY hours of trying to track down IIS 5.0 security internals that might not be documented anywhere else.