Monday, December 05, 2005

Great new book - "Writing Secure Code" by David C. LeBlanc and Michael Howard

"Writing Secure Code" by David C. LeBlanc and Michael Howard.
I just got my copy of "Writing Secure Code" by David C. LeBlanc and Michael Howard. 

So far, I'm only at the chapter on Threat Modelling, but it has proven to be quite an enlightning read.

I heard about it in a course I took in training called, aptly enough, Developing Secure Software. 

It's a required course for all developers and testers at Dell which is where I am currently employed. It was presented in a lab format by a representative from St. Edwards University's Professional Education Center

The thing that really pulled me into the class was that it covered development of web apps, C/S database apps, and code in both C# and Java.
They walked us through both the apps in question, the techniques used to compromise said apps, and even the code / technical solutions to the vulnerabilities. Definitely the coolest training I've been able to attend to date here.

If you write and/or test code, even in non-Microsoft environments, you should check out this book. I got my copy on amazon for $7.95, so it's not even a particularly expensive learning tool. Don't you just LOVE a good sale ;) ?

There's a Kindle Edition, and a Paperback available.  Links to purchase them from Amazon included for your convenience.