Required reading for .Net Programmers

Some books are not going to be easy or approachable, one must already be familiar with either the C# and or Visual Basic language (the easy part) and the .NET programming enviornment to attempt this book. The authors are quick to jump from a discussion of the issues to meta code and sample code, but that is a feature, not a bug to the book's intended audience of very sharp, (as opposed to very basic), well educated coders. I would like to have seen more of an effort to discuss testing, validation and assessment, but at just under 700 pages this is a focused work and a serious coverage of the hooks that make it possible to secure .NET. (Of course that is assuming the underlying function calls are not riddled with buffer overflows and the like. Blaster on a .NET scale is a pretty scary prospect.)

The bottom line, we are awash in bad code and the vulnerabilities that result are the fundamental reason there are so many exploits. When you consider that in the scale of a federated system it is not a pretty thought. Someday there will be building codes for software, but in the meantime, if you are a responsible citizen of this planet and you are involved in .Net development, buy your coders this book. Invest the time to be able to quiz them and do so. Make sure they understand the issues, especially with Chapters 18 and 19, ASP.NET and COM+.

Other Reviews

• Suprising -- Great Book
• Great .NET Security Book
• Don't think twice, just buy this book
• Best .NET security book I've seen
• Required reading for .Net Programmers