Provides information on writing more secure code for Microsoft Windows Vista, covering such topics as application compatibility, buffer overrun defenses, network security, Windows CardSpace, parental controls, and Windows Defender APIs.

Howard and LeBlanc (both are security experts with Microsoft) discuss the need for security and outline its general principles before outlining secure coding techniques. Testing, installation, documentation, and error messages are also covered. Appendices discuss dangerous APIs, dismiss pathetic excuses, and provide security checklists. The book explains how systems can be attacked, uses anecdotes to illustrate common mistakes, and offers advice on making systems secure. Annotation copyrighted by Book News, Inc., Portland, OR.

It's not the computer. The hacker's first target is YOU! A dirty little secret that vendors don't want you to know is that good computer security doesn't cost a thing. Any solution you can buy is guaranteed to fail. Malicious hackers use this fact to their advantage. Real security is gained by understanding the enemy's tactics and offsetting them with appropriate and consistently applied Windows settings. These expert authors realize that an effective strategy is two parts technology and one part psychology. Along with learning about Vista's new security features (such as UAC, integrity controls, BitLocker, Protected Mode, and IIS 7), learn common-sense recommendations that will immediately provide reliable value. Vista Security Tips Have a healthy sense of paranoia Understand and apply the basics properly Use longer passwords. No, longer than that Use admin privilege very sparingly Don't believe Internet Explorer Protected Mode will stop all attacks Don't believe DEP can stop all attacks Don't believe any technology can stop all attacks

As the global leader in information security education and certification, (ISC)2 has a proven track record of educating and certifying information security professionals. Its newest certification, the Certified Secure Software Lifecycle Professional (CSSLP) is a testament to the organization's ongoing commitment to information and software security

"What makes this book so important is that it reflects the experiences of two of the industry's most experienced hands at getting real-world engineers to understand just what they're being asked for when they're asked to write secure code. The book reflects Michael Howard's and David LeBlanc's experience in the trenches working with developers years after code was long since shipped, informing them of problems." --From the Foreword by Dan Kaminsky, Director of Penetration Testing, IOActive Eradicate the Most Notorious Insecure Designs and Coding Vulnerabilities Fully updated to cover the latest security issues, 24 Deadly Sins of Software Security reveals the most common design and coding errors and explains how to fix each one-or better yet, avoid them from the start. Michael Howard and David LeBlanc, who teach Microsoft employees and the world how to secure code, have partnered again with John Viega, who uncovered the original 19 deadly programming sins. They have completely revised the book to address the most recent vulnerabilities and have added five brand-new sins. This practical guide covers all platforms, languages, and types of applications. Eliminate these security flaws from your code: SQL injection Web server- and client-related vulnerabilities Use of magic URLs, predictable cookies, and hidden form fields Buffer overruns Format string problems Integer overflows C++ catastrophes Insecure exception handling Command injection Failure to handle errors Information leakage Race conditions Poor usability Not updating easily Executing code with too much privilege Failure to protect stored data Insecure mobile code Use of weak password-based systems Weak random numbers Using cryptography incorrectly Failing to protect network traffic Improper use of PKI Trusting network name resolution

All over the world, Windows gurus have been working overtime to uncover the hottest new Windows Vista tips, tricks, and tweaks. Now, J. Peter Bruzzese has collected all their best discoveries in one place: Tricks of the Microsoft® Windows VistaTM Masters! Bruzzese has interviewed top Windows professionals, instructors, and power users; scoured the Web (so you won't have to); and rigorously tested every single tip. Only the most valuable tips tecnhiques and tips made the cut to improve your efficiency, take total control of your digital media and data; use Internet Explorer 7, Windows Mail, and Calendar; configure Windows Defender and Firewall; avoid, troubleshoot, and fix problems; make Windows Vista work better, faster, smarter, safer, and more fun too! Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1 General Tips and Tricks of the Masters . . . . . . . . . . . . . . . . . 7 2 Mastering the Control Panel . . . . . . . . . . . . . . . . . . . . . . . . . . 51 3 Mastering Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101 4 Security Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135 5 Disk Configuration and Volume Tricks . . . . . . . . . . . . . . . . . 181 6 Office 2007 Tricks for Vista Masters . . . . . . . . . . . . . . . . . . . . 209 7 Master Vista Networking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233 8 System Recovery and Diagnostic Tricks . . . . . . . . . . . . . . . . 259 9 Mastering the New Vista Apps . . . . . . . . . . . . . . . . . . . . . . . . 297 10 Group Policy Power . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319 Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339

Application vulnerabilities continue to top the list of cyber security concerns. While attackers and researchers continue to expose new application vulnerabilities, the most common application flaws are previous, rediscovered threats. The text allows readers to learn about software security from a renowned security practitioner who is the appointed software assurance advisor for (ISC)2. Complete with numerous illustrations, it makes complex security concepts easy to understand and implement. In addition to being a valuable resource for those studying for the CSSLP examination, this book is also an indispensable software security reference for those already part of the certified elite. A robust and comprehensive appendix makes this book a time-saving resource for anyone involved in secure software development.