Translating...
Hacking the Code: ASP.NET Web Application Security
More of a programmer’s guide than a security guide, Hacking the Code explains how certain code can be attacked, shows how you should edit the code, and offers case studies and examples for doing so. The book establishes policies for object input, and shows how to audit existing code for potential security problems.
People constantly ask security expert Mark Burnett for a guide to writing secure code. They don’t want a course on security, they want to fix their code. This book is a practical guide on how to maintain session state, how to properly handle cookies, how to get user input, and more. Instead of just telling you how to do it, Burnett shows actual code that can be dropped right into your applications. This book covers almost all security issues known. Burnett has put hundreds of hours of research into his code audit database and is now making that available to you.
Customer Review: Definitely a worthy book for developers and security pros alike
Hacking the Code is a must read if you want to pick apart .NET Web applications in the name of better security. More people in development and IT need to read books like this. I like how it focuses on ASP.NET – the language that a large portion of Web applications are developed in today. The book covers the important areas of securing applications and shows some good examples. Appendix A also has some good ASP.NET code samples for real-world concerns.
I especially like the coverage on authentication mechanisms which is something that’s often taken for granted by developers but where I tend to find a lot of the weaknesses in the work I do. Plus it doesn’t just focus on the technical side of things with the coverage of users awareness and policies. Overall, very good at covering the root of many of our security problems.
Customer Review: Spot on
In my never ending attempt to educate myself on web application security I thought it would be a great idea to look at this from the developer perspective. This text is a great piece on the ASP.NET side of development and security. It does a great job of showing what the developer may normally code and why that is NOT security oriented. It is a great tool for bridging the gap between security team and developer team so that you can speak intelligently on both even though you are NOT a developer or security professional. If you have an ASP.NET dev shop in your environment you should have someone if not everyone from your dev and security teams read this book to facilitate a more open line of commination between the two. Highly recommended. Buy Now!
