Programmer's Ultimate Security DeskRef [Paperback]

Our Price $ 36.37  
Retail Value $ 51.95  
You Save $ 15.59  (30%)  
Item Number 255920  

Item description for Programmer's Ultimate Security DeskRef by James C. Foster...

The Programmer's Ultimate Security DeskRef is the only complete desk reference covering multiple languages and their inherent security issues. It will serve as the programming encyclopedia for almost every major language in use. While many books are starting to address the broad subject of security best practices within the software development lifecycle, none has yet addressed the overarching technical problems of incorrect function usage. Most books fail to draw the line from security best-practice principles to actual code implementation. This book bridges that gap and covers the most popular programming languages such as Java, Perl, C++, C#, and Visual Basic.

Item Specifications...

Pages   700
Est. Packaging Dimensions:   Length: 9.21" Width: 7.87" Height: 1.34"
Weight:   2.51 lbs.
Binding  Softcover
Release Date   Nov 20, 2004
Publisher   Syngress
ISBN  1932266720  
ISBN13  9781932266726  

Availability  0 units.

More About James C. Foster

Foster is the Deputy Director of Global Security Solution Development for Computer Sciences Corporation where he is responsible for the vision and development of physical, personnel, and data security solutions.

Reviews - What do customers think about Programmer's Ultimate Security DeskRef?

Appallingly bad  Jul 26, 2007
Based on snippets posted online, the authors and publishers of this book should be deeply ashamed of themselves. The "Risks" sections of various Common Lisp functions are complete gibberish--for instance warning about wildcard characters in filenames when discussing the IMPORT function which has nothing to do with filenames. But that's just one example of many. Basically nothing of what I've seen that they say about the "Risks" associated with Common Lisp makes any sense at all.

Bogus information, a high-impact security risk  Jun 14, 2005
Quick perusal finds several Lisp functions whose assessment is utterly bogus. Lest you believe this is limited to less well known languages, consider this:

This book lists the C function "gets" as a *low-impact* security risk, whereas in the real world it is one of the more common points-of-attack for buffer-overflows.

Don't buy unless you intend to sue the author.

Terse and incomplete  Dec 19, 2004
Don't look to this book to really teach you anything about secure programming. It's merely a limited command reference for a handful of languages (oddly including Lisp but excluding Java) with very brief notes on the security implications of each. It was very strange to flip through this book and find literally NO text or introductions anywhere; I really think a few pages should have been added to give some background on each language including any general guidance with regard to security. At least an introduction to language-independent secure programming concepts should have been included at the beginning--this book basically relies on the back outside cover to clue the reader in to what it's about and why it's important.

On top of the fact that a lot of content seems to be missing, I found many of the commands covered to be extraneous, having little to no significant security relevance. In some cases the advice is vague bordering on naive--a few places in the JavaScript section say things like "always use SSL" or "when in doubt, use SSL" which really isn't a very big-picture way to look at security and risk management. In several places common vulnerabilities are mentioned but not defined or explained--sidebars would have been appropriate.

Further lowering the book's value are its large print and extremely thin, rough, cheap-feeling pages (which seems to be typical of current Syngress releases), and lack of an index. Unless you're already familiar with secure programming practices and just need a pure reference to point out selected "harmful" commands in the covered languages, I don't think this book is worth buying. There's a lot more to secure programming than what this book provides and, in fact, it may mislead developers into thinking that secure programming is merely about proper use of certain unsafe functions and methods.

Very good with a couple of minor caveats...  Dec 5, 2004
If you're a typical programmer, you may be unaware of the potential security risks of certain statements in your language of choice. The new book Programmer's Ultimate Security DeskRef by James C. Foster (Syngress) can help you in that area.

Chapter List: ASP; C; C++; C#; ColdFusion; JavaScript; JScript; LISP; Perl; PHP; Python; VBA; VBScript

For as far as this book goes, it does a nice job. Each chapter for a language lists the language, and how it's used (like an example program line). There's a summary of what it does, along with a short description of how it should be used. You then get into the security aspect with a section on risk (how it might be used or exploited by an attacker), impact of the risk, and a list of additional resources where you can find more information on the risk issue. Finally, if applicable, there's a cross-reference to any other language statements that might have the same issue.

The information that's contained in the book is good, to be sure. If you use any of these languages in your normal coding efforts, you'll likely discover hidden risks in your program that you didn't know existed. I would have liked to see two other features in the book, however. The first thing I would have liked is to see a more concrete example of the potential exploit. Some of the risk assessments are general in nature, and you might have a hard time trying to bridge the gap between general caution and actual usage. And second, it seems like there could have been some additional languages added to the mix. Visual Basic isn't included (although it could be argued that VBA is close enough). Java seems to be an obvious exclusion, and it would have been much more valuable to me with that language included. And if you included ASP, you could have just as easily included JSP along with it.

Even with those omissions or caveats, it's still a valuable addition to a programmer's bookshelf.

why no Java?  Nov 21, 2004
This book takes a neat approach to computer security issues. The authors consider a set of languages, like C, C++ and C#. For each, they provide a list of functions and explain how these might be compromised by an attacker writing code that calls them. Often, the attacker might tweak the input arguments in such a way as to have a buffer overflow. Or, she might call a function with perfectly ok arguments. But she could use the answer to deduce important information. For example, in C, the realpath function could return data that identifies the operating system and even user and security information.

The only question I have is the omission of anything on Java. The chapters on JavaScript and JScript don't count, by the way. The book has a chapter on Lisp functions. Yet Lisp is used far, far less than Java. There appears to be no explanation in the text for this omission. Now, I'm a Java programmer. I would really want to know which of its classes and methods are weak. If none are, that would be great. But the authors never explain, either way.
