The book makes a great companion to other best practices coding books and is unique in that it is the only book that provides by function/by language lookup. Each function or method documented in this book is followed by a series of elements created to help programmers program responsibly by calling awareness to each function's purpose, risk, origin, resources, and more. Each function is organized in the following way:
- Prototype: This is where you will find the function's prototype or the method's proper implementation usage.
- Summary: Describes the function or method and its intended use.
- Description: Contains a detailed explanation of how the function should be used and when it should not be used. It also has explanations for any parameters the function or method may accept as input, in addition to providing detail on returned values.
- Risk: Informs the readers of the particular security threat posed when implementing the function or method. It recommends more secure alternatives, secure usage, bolt-on alternatives, and other types of clear, developer-focused solutions.
- Note: Any additional comments that pertain to the function.
- Additional Resources: These resources are included for additional information on the programmatic particulars of the language, function, or method. All resources consist of web links to educational websites, Microsoft, or other commercial powerhouses.
- Impact: The impact will be High, Medium or Low, signifying a potential high-level result that a poorly implemented function or method may have on the application.
- Cross Reference: Cross references are similar functions and methods that are available for use in the language. For example, the C language printf may have cross references of sprintf and snprintf.
Author James Foster added, "This book is the first of its kind--written to educate programmers about coding security specifics at the source level. Like writers turn to the dictionary, programmers will turn to the 'DeskRef' to check themselves."
Programmer's Ultimate Security DeskRef
PRICE: $49.95 U.S.
PAGE COUNT: 496 PP
About the Author
James C. Foster is the Deputy Director of Global Security Solution Development for Computer Sciences Corporation, where he is responsible for the vision and development of physical, personnel, and data security solutions. Prior to CSC, Foster was the Director of Research and Development for Foundstone, Inc. (acquired by McAfee) and was responsible for all aspects of product, consulting, and corporate R&D initiatives. Prior to joining Foundstone, Foster was an Executive Advisor and Research Scientist with Guardent, Inc. (acquired by Verisign) and an adjunct author at Information Security Magazine (acquired by TechTarget), subsequent to working as Security Research Specialist for the Department of Defense. With his core competencies residing in high-tech remote management, international expansion, application security, protocol analysis, and search algorithm technology, Foster has conducted numerous code reviews for commercial OS components, Win32 application assessments, and reviews on commercial-grade cryptography implementations.
Foster is a seasoned speaker and has presented throughout North America at conferences, technology forums, security summits, and research symposiums with highlights at the Microsoft Security Summit, Black Hat USA, Black Hat Windows, MIT Wireless Research Forum, SANS, MilCon, TechGov, InfoSec World 2001, and the Thomson Security Conference. He also is commonly asked to comment on pertinent security issues and has been cited in USAToday, Information Security Magazine, Baseline, Computer World, Secure Computing, and the MIT Technologist. Foster holds an A.S., B.S., MBA and numerous technology and management certifications and has attended or conducted research at the Yale School of Business, Harvard University, the University of Maryland, and is currently a Fellow at University of Pennsylvania's Wharton School of Business.
Foster is also a well-published author of multiple commercial and educational papers, and has authored, contributed to, or edited major publications including "Snort 2.1 Intrusion Detection" (Syngress Publishing, ISBN: 1-931836-04-3), "Hacking Exposed, Fourth Edition," "Anti-Hacker Toolkit, Second Edition," "Advanced Intrusion Detection," "Hacking the Code: ASP.NET Web Application Security" (Syngress, ISBN: 1-932266-65-8), "Anti-Spam Toolkit," and the forthcoming "Google Hacking for Penetration Techniques" (Syngress, ISBN: 1-931836-36-1).
Syngress Publishing (www.syngress.com), headquartered in Rockland, Massachusetts, is an independent publisher of print and electronic reference materials for Information Technology professionals seeking skill enhancement and career advancement. Distributed throughout Europe, Asia, and the U.S. and Canada, Syngress titles have been translated into twenty languages. The company's pioneering customer support program, email@example.com, extends the value of every Syngress title with regular information updates and customer-driven author forums. For more information on Syngress products, contact Amy Pedersen at 781-681-5151 or email firstname.lastname@example.org. Syngress books are distributed in the United States and Canada by O'Reilly Media, Inc.