BKWRSCCD.RVW 20060910 "Writing Secure Code", Michael Howard/David LeBlanc, 2002, 0-7356-1588-8, U$39.99/C$57.99 %A Michael Howard %A David LeBlanc %C 1 Microsoft Way, Redmond, WA 98052-6399 %D 2002 %G 0-7356-1588-8 %I Microsoft Press %O U$39.99/C$57.99 800-MSPRESS fax: 206-936-7329 %O http://www.amazon.com/exec/obidos/ASIN/0735615888/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/0735615888/robsladesinte-21 %O http://www.amazon.ca/exec/obidos/ASIN/0735615888/robsladesin03-20 %O Audience a Tech 2 Writing 1 (see revfaq.htm for explanation) %P 477 p. + CD-ROM %T "Writing Secure Code" The introduction states that the purpose of the book is to teach application designers (and particularly .NET developers) to design, write, and test application code in a secure manner. Part one addresses the contemporary security situation. Chapter one reviews the need for secure systems. The text is so supplemented by notes, comments, text boxes, and sidebars that it becomes difficult to follow at times. However, ultimately it does have a lot of interesting material that would be useful for those who have to make a case for secure coding practices and processes. Designing secure systems, in chapter two, provides a solid list of secure strategy principles along with details and discussion of them, although much of this deliberation is restricted to "war stories" which are interesting but not always useful. The content makes the point that the mere addition of security technologies does not always make for secure applications, which point is not supported by the inclusion, in the latter part of the material, of a huge list of security technologies. Part two turns to secure coding techniques. Chapter three details that old standard and nemesis, the buffer overflow. Unfortunately, most of what is provided is limited to code demonstrating that various types of buffer overflows exist, and some contentions in regard to specific C language instructions that should not be used. Code for access control list use on Windows NT4 and 2000 is reviewed in chapter four. Code, but not design, for running with least privilege occupies chapter five. Chapter six is again concerned primarily with source code for cryptographic operations, although limited to pseudorandom number generation (paying insufficient attention to seed values), key management, and miscellaneous topics. Further functions involved with encrypting confidential information are in chapter seven. Chapter eight turns to canonical representation, although the discussion is narrowly confined to filenames and issues of traversal. Part three concentrates on network-based application considerations even though network connectivity and access has been given as the reason to pay attention to secure coding in the first place. Chapter nine looks at the possibility of port hijacking, and the design of applications in order to work cooperatively with firewalls. Securing the use of RPC (Remote Procedure Calls), ActiveX, and DCOM (Distributed Common Object Model) is covered well in chapter ten, with concepts as well as code and good explanations (although I know for a fact that accessing dcomcnfg on XP is *not* as easy as the authors want to make out). Chapter eleven lists some denial of service (DoS) attacks and generally suggests limiting the resources available to applications. Most of the advice on securing Web-based services, in chapter twelve, boils down to advice not to trust the client, and various examples of malformed input are described. Part four contains special topics. Chapter thirteen details .NET functions and operations related to security, but also provides valuable guidance in regard to appropriate (and inappropriate) use. Testing of secure applications gets a review of standard procedures, in chapter fourteen, but the material does not provide an abstract overview of assessment concepts that could be used to find all possibilities of weakness. Installation procedures, in chapter fifteen, could have been useful, but is probably the most Windows specific and least practical section of the entire work. Chapter sixteen is a bit of a grab bag, but contains worthwhile tips and principles to follow (mostly in order to avoid common security pitfalls). Appendices are usually extraneous material, sometimes added merely to pad out the page count of a book. However, the essays included at the end of this volume could be quite helpful. There are the ten immutable laws of security and the ten immutable laws of security administration, which have become famous in their own right, and have spread through the Internet, as well as a list of dumb excuses given for not doing security properly. Overall, the book contains much that can be of use for those who wish to develop code that is secure and resistant against bugs and flaws that may open the application to attack. However, there is also a good deal that is irrelevant and not helpful, and a number of issues that could have useful have not been included (such as development methodologies, design strategies, and testing issues). copyright Robert M. Slade, 2006 BKWRSCCD.RVW 20060910