Michael Howard

This paper focuses on the security challenges and recommended approaches to design and develop more secure applications for Microsoft’s Windows Azure platform.

"What makes this book so important is that it reflects the experiences of two of the industry's most experienced hands at getting real-world engineers to understand just what they're being asked for when they're asked to write secure code. The book reflects Michael Howard's and David LeBlanc's experience in the trenches working with developers years after code was long since shipped, informing them of problems."

--From the Foreword by Dan Kaminsky

Get the definitive guide to writing more-secure code for Windows Vista—from the authors of the award-winning Writing Secure Code, Michael Howard and David LeBlanc. This reference is ideal for developers who understand the fundamentals of Windows programming and APIs. It complements Writing Secure Code, examining the delta between Windows XP and Windows Vista security. You get first-hand insights into design decisions, lessons learned from Windows Vista development, and practical advice for… Show more

Get the definitive guide to writing more-secure code for Windows Vista—from the authors of the award-winning Writing Secure Code, Michael Howard and David LeBlanc. This reference is ideal for developers who understand the fundamentals of Windows programming and APIs. It complements Writing Secure Code, examining the delta between Windows XP and Windows Vista security. You get first-hand insights into design decisions, lessons learned from Windows Vista development, and practical advice for solving real-world security issues. Show less

Your customers demand and deserve better security and privacy in their software. This book is the first to detail a rigorous, proven methodology that measurably minimizes security bugs—the Security Development Lifecycle (SDL). In this long-awaited book, security experts Michael Howard and Steve Lipner from the Microsoft Security Engineering Team guide you through each stage of the SDL—from education and design to testing and post-release. You get their first-hand insights, best practices, a… Show more

Your customers demand and deserve better security and privacy in their software. This book is the first to detail a rigorous, proven methodology that measurably minimizes security bugs—the Security Development Lifecycle (SDL). In this long-awaited book, security experts Michael Howard and Steve Lipner from the Microsoft Security Engineering Team guide you through each stage of the SDL—from education and design to testing and post-release. You get their first-hand insights, best practices, a practical history of the SDL, and lessons to help you implement the SDL in any development organization. Show less

This essential book for all software developers--regardless of platform, language, or type of application--outlines the “19 deadly sins” of software security and shows how to fix each one. Best-selling authors Michael Howard and David LeBlanc, who teach Microsoft employees how to secure code, have partnered with John Viega, the man who uncovered the 19 deadly programming sins to write this much-needed book.

"Required Reading at Microsoft" - Bill Gates

WRITING SECURE CODE reveals the battle-tested secrets of two veritable code warriors–directly from the trenches of large-scale commercial software development. It's all here–from design pointers to specific code snippets, DCOM to .NET, the Win32® API to Web programming security, and more. Don't even consider going live with a Win32 application on the Internet without reading this book.

Security features is a strength of Microsoft Windows 2000, but until now, no one has presented a complete picture of Windows 2000 Web server, component-level, and database security features and considerations. DESIGNING SECURE WEB-BASED APPLICATIONS FOR MICROSOFT WINDOWS 2000 offers an integrated, authoritative, pragmatic, end-to-end view of Windows 2000 security topics. The book starts by providing a solid foundation in Windows 2000 security theory and concepts, explaining the key software… Show more

Security features is a strength of Microsoft Windows 2000, but until now, no one has presented a complete picture of Windows 2000 Web server, component-level, and database security features and considerations. DESIGNING SECURE WEB-BASED APPLICATIONS FOR MICROSOFT WINDOWS 2000 offers an integrated, authoritative, pragmatic, end-to-end view of Windows 2000 security topics. The book starts by providing a solid foundation in Windows 2000 security theory and concepts, explaining the key software design considerations for various categories and levels of security, and showing how isolated security "islands" interact. It explains core security issues such as risk analysis, threats, authentication, authorization, and privacy, and then discusses ways to apply the appropriate security to an application to mitigate risk. It covers a range of security technologies such as NTLM authentication, Kerberos authentication, SSL/TLS, CryptoAPI, ACLs, Active Directory(tm), Certificates, Web security capabilities, and COM+ security. Finally, the author uses Web services, certificates, components, and database access to build a Web-based application (included on a companion CD) to show how Windows 2000 security features work in concert to protect applications and data. Show less