Writing Secure Code is one of my favorite books. It is a must read for any developer, especially if you are developing on the Microsoft Platform. Though it has quite a number of chapters that focus on secure coding from a C++ perspective, the other chapters including the ones on SQL Server and on .NET makes this worth its weight in gold (It is a very heavy book :))
So I was delighted when I found that MS Learning is offering the eBook free from my friend Manoj Agarwal's Blog. Though this is an old post that I seem to have missed, the offer is still valid. You get a years access to the book that you can read online. Or you can download the whole book as a PDF.
1) Go to http://www.microsoft.com/learning/access.
2) Type your access code, 7234-N4E8-4995. (The code is case sensitive.) You will need to accept the License Agreement before you can proceed. Click Send.
3) You will be prompted to sign in using a valid Windows Live ID. If you already have a profile on Microsoft.com, use that Windows Live ID. If you do not have a Windows Live ID, use the options on the page to sign up for one.
4) On the Thank You page, click My Learning to access the e-book.
5) On the My Learning page, scroll to the E-Reference section. Click on Writing Secure Code, Second Edition to access the e-book.
Chapter 1: The Need for Secure Systems
Chapter 2: The Proactive Security Development Process
Chapter 3: Security Principles to Live By
Chapter 4: Threat Modeling
Chapter 5: Public Enemy #1: The Buffer Overrun
Chapter 6: Determining Appropriate Access Control
Chapter 7: Running With Least Privilege
Chapter 8: Cryptographic Foibles
Chapter 9: Protecting Secret Data
Chapter 10: All Input Is Evil!
Chapter 11: Canonical Representation Issues
Chapter 12: Database Input Issues
Chapter 13: Web-Specific Input Issues
Chapter 14: Internationalization Issues
Chapter 15: Socket Security
Chapter 16: Securing RPC, ActiveX Controls, and DCOM
Chapter 17: Protecting Against Denial of Service Attacks
Chapter 18: Writing Secure .NET Code
Chapter 19: Security Testing
Chapter 20: Performing a Security Code Review
Chapter 21: Secure Software Installation
Chapter 22: Building Privacy Into Your Application
Chapter 23: General Good Practices
Chapter 24: Writing Security Documentation and Error Messages