Writing Secure Code is one of my favorite books. It is a must-read for any developer, especially if you are developing on the Microsoft platform. Though quite a number of its chapters focus on secure coding from a C++ perspective, the other chapters, including the ones on SQL Server and on .NET, make this book worth its weight in gold (and it is a very heavy book :)).
So I was delighted when I found, via my friend Manoj Agarwal's blog, that MS Learning is offering the eBook for free. Though this is an old post that I seem to have missed, the offer is still valid. You get a year's access to the book, which you can read online, or you can download the whole book as a PDF.
1) Go to http://www.microsoft.com/learning/access.
2) Type your access code, 7234-N4E8-4995. (The code is case sensitive.) You will need to accept the License Agreement before you can proceed. Click Send.
3) You will be prompted to sign in using a valid Windows Live ID. If you already have a profile on Microsoft.com, use that Windows Live ID. If you do not have a Windows Live ID, use the options on the page to sign up for one.
4) On the Thank You page, click My Learning to access the e-book.
5) On the My Learning page, scroll to the E-Reference section. Click on Writing Secure Code, Second Edition to access the e-book.
Chapters
Chapter 1: The Need for Secure Systems
Chapter 2: The Proactive Security Development Process
Chapter 3: Security Principles to Live By
Chapter 4: Threat Modeling
Chapter 5: Public Enemy #1: The Buffer Overrun
Chapter 6: Determining Appropriate Access Control
Chapter 7: Running With Least Privilege
Chapter 8: Cryptographic Foibles
Chapter 9: Protecting Secret Data
Chapter 10: All Input Is Evil!
Chapter 11: Canonical Representation Issues
Chapter 12: Database Input Issues
Chapter 13: Web-Specific Input Issues
Chapter 14: Internationalization Issues
Chapter 15: Socket Security
Chapter 16: Securing RPC, ActiveX Controls, and DCOM
Chapter 17: Protecting Against Denial of Service Attacks
Chapter 18: Writing Secure .NET Code
Chapter 19: Security Testing
Chapter 20: Performing a Security Code Review
Chapter 21: Secure Software Installation
Chapter 22: Building Privacy Into Your Application
Chapter 23: General Good Practices
Chapter 24: Writing Security Documentation and Error Messages