It has been recommended that I read Writing Secure Code: Practical Strategies and Proven Techniques for Building Secure Applications in a Networked World.

The book looks great, but seeing it was last updated in 2002 concerns me ... especially where security is involved.

So my question is, is this book still relevant? Or should I read something else instead? And if so, what?

My primary focus right now is C++ Windows desktop applications which also access website content, uploading & downloading files.

+3  A: 

The book is still mostly relevant, in that most of what it says still applies. There is some reference to technology that might well be outdated, but the main message of the book is still well worth reading.

I doubt that it's the only security book you'll want to read, but it's a good starting point.

David Thornley
+1  A: 

One thing you must remember when dealing with security bugs is that they are not exclusive but they are cumulative. Unless the bugs you are talking about are specific to some application.

Explanation: The bugs/loopholes in your code in 2000 wouldn't stop being bugs/loopholes in 2020. They are still those, and in 2020 you have a bunch of new ones to deal with.

So, a security book like this is never old. It is a must-read, but like the other answerer said, reading this alone is not sufficient. You must read other books too (which may explain the "what's new since 2000" part).

This explains the update/addendum "Writing Secure Code for Windows Vista".

claws
+2  A: 

I'm the co-author of Writing Secure Code 2nd, along with David LeBlanc. Yes, the book is still relevant today. At least the fundamental skills are as valid today as they were 'back then'!

If you want something totally up to date (at least relatively up to date) get our 24 Deadly Sins of Software Security from McGraw-Hill.

Writing Secure Code for Windows Vista is a little different; much of the book focuses on how to use many of the new security defenses we offer in Windows Vista, Windows Server 2008 and now Windows 7 and Windows Server 2008 R2.

Hope that helps, Michael

Michael Howard-MSFT