This is a good book as it does a good job covering the different sources of software insecurities:
On the last point, the authors know the topic well. If you are using cryptography to protect something in your software but just store the private key in a global variable, then you are making the hackers' job tremendously easier, as all they will have to do is look into your executable binary and search for something that looks like a key. A security measure is only as strong as its weakest element, and no hacker is foolish enough to attack a cryptographic algorithm that is proven strong. Even if you store the key in a secure place, all that is needed to retrieve the key is to perform a memory dump at the right time, just before the software uses the key. At least you can make the hackers' job harder, as there is nothing you can do to make your software 100% safe against hackers if the software is valuable enough to motivate them to hack it. All you can do by improving your software security is buy yourself some time before your software is hacked. All that to say that there is no bulletproof solution against hackers, but the book gives solid leads to improve software security in that respect.
In this book, there is a strong emphasis on Microsoft security technologies. The Windows Crypto API and the Microsoft OS privileges API are described at length. If you develop on Windows and want to make your software more secure, then this is an excellent book for you. If you develop on another platform, there is still something for you in this book, as there are a lot of platform-independent code snippets to improve software security, such as input validation for file names to protect yourself against canonicalization bugs.
This is a very good book about software security but I do not recommend it simply because there is a new edition of it.
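To make the file-name validation point concrete, here is an added example (not code from the book or from this blog) of an allow-list check that rejects the alternate spellings Win32 would resolve to a different file or device: trailing dots and spaces, `::$DATA` stream suffixes, 8.3 short names, path separators and reserved device names. The function names, the 64-character cap and the "one stem, one extension" policy are assumptions made for the illustration.

```c
#include <ctype.h>
#include <string.h>

/* Allow-list: ASCII letters, digits, '_' and '-' (independent of locale). */
static int allowed(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '_' || c == '-';
}

/* Reserved DOS device names resolve to devices even when an extension
   follows ("NUL.txt"), so they are compared against the stem only. */
static int is_reserved_device(const char *name, size_t stem_len)
{
    static const char *const three[] = { "CON", "PRN", "AUX", "NUL" };
    char up[5] = { 0 };
    size_t i;

    if (stem_len < 3 || stem_len > 4)
        return 0;
    for (i = 0; i < stem_len; i++)
        up[i] = (char)toupper((unsigned char)name[i]);
    if (stem_len == 4)  /* COM0-COM9, LPT0-LPT9 */
        return (!strncmp(up, "COM", 3) || !strncmp(up, "LPT", 3)) &&
               up[3] >= '0' && up[3] <= '9';
    for (i = 0; i < 4; i++)
        if (strcmp(up, three[i]) == 0)
            return 1;
    return 0;
}

/* Returns 1 only for a bare "stem.ext" leaf name; everything else is
   refused instead of being "cleaned up" and used. */
int is_safe_leaf_name(const char *name)
{
    size_t len = strlen(name), i, dots = 0;
    const char *dot = strchr(name, '.');

    if (len == 0 || len > 64)   /* 64 is an assumed policy limit */
        return 0;
    for (i = 0; i < len; i++) {
        if (name[i] == '.')
            dots++;
        else if (!allowed((unsigned char)name[i]))
            return 0;   /* \ / : ~ $ space, control and non-ASCII bytes */
    }
    /* exactly one dot, neither leading nor trailing */
    if (dots != 1 || dot == name || dot[1] == '\0')
        return 0;
    return !is_reserved_device(name, (size_t)(dot - name));
}
```

The check is meant to run on the leaf name before it is joined to a fixed base directory; a rejected name is an error to report, not something to repair.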
It is not perfect. One complaint is that the first part is too easy and is aimed at total beginners, and then there is the second part, where a lot of material is presented too fast. I wish that the book spent less time on very basic (pun intended) VBA stuff and took more time to make the transition to more advanced topics smoother.
Other than that, the book contains a lot of code that can easily be reused such as in my C++ tutorial that shows how to automate Outlook from a C++ program.
I have been disappointed by this book. I wanted it mostly to learn how to program Outlook. When I started reading it, I realized that only a small portion of it was dedicated to Outlook.
Perhaps I am harsh about the book's value because I am not one of the intended readers, but I guess that even readers interested in programming Exchange would not find much value in this book. I am saying so because the book is huge, close to a thousand pages, but it sounds like a cut and paste of the Exchange programmer user manual. When I purchase a book like this one, I expect it to be a complement to the product documentation, to give better insight into how and why a given piece of software works the way it does. This book does not live up to these expectations.
The best Outlook programming book that I have found is: Microsoft Outlook Programming, Jumpstart for Administrators, Developers, and Power Users. Skip this one.
Windows sockets are not like BSD sockets. The book explains very well the different specific modes in which Winsock can be used: blocking mode in a dedicated thread, asynchronous mode using Windows messages, and overlapped I/O, which removes some memory copying when passing buffers to send/receive data from/to sockets. It also covers the socket classes provided with MFC. In my opinion, this book covers very well the details specific to the Windows version of the socket API, and that will allow readers to take advantage of this version of the socket API.
ATL is an interesting C++ framework to easily create COM classes. It makes extensive use of C++ templates and is coupled with Visual C++ wizards to automate the writing of the skeleton code of an ATL project. However, there is not much documentation on ATL coming with VC++, and there are so many options in the wizards' dialog windows that unless you know what you are doing, you will probably not do the right thing. This is where this book comes in.
First, one of the coauthors, George Shepherd, is also the coauthor of the book MFC Internals, which I really liked. This book does a good job of guiding you through the main ATL features. My only complaint is that, like almost every other book on COM that I have read, it assumes that you know nothing about C++ and COM and takes the first 2 chapters to introduce you to these topics, and that represents almost 100 pages of prerequisite material that should have been found only in an introductory book IMO.
I want you to find in this blog information about C++ programming that I had a hard time finding on the web in the first place.