Comments on: Hacking the Code: Auditor’s Guide to Writing Secure Code for the Web http://www.securitt.com/hacking-the-code-auditors-guide-to-writing-secure-code-for-the-web Internet Security Consultant Services of West Virginia Wed, 08 Feb 2012 09:58:47 +0000 hourly 1 http://wordpress.org/?v= By: Garot M. Conklin http://www.securitt.com/hacking-the-code-auditors-guide-to-writing-secure-code-for-the-web/comment-page-1#comment-541 Garot M. Conklin Sat, 06 Feb 2010 05:46:56 +0000 http://www.securitt.com/hacking-the-code-auditors-guide-to-writing-secure-code-for-the-web/#comment-541 In my never ending attempt to educate myself on web application security I thought it would be a great idea to look at this from the developer perspective. This text is a great piece on the ASP.NET side of development and security. It does a great job of showing what the developer may normally code and why that is NOT security oriented. It is a great tool for bridging the gap between security team and developer team so that you can speak intelligently on both even though you are NOT a developer or security professional. If you have an ASP.NET dev shop in your environment you should have someone if not everyone from your dev and security teams read this book to facilitate a more open line of commination between the two. Highly recommended. Rating: 5 / 5 In my never ending attempt to educate myself on web application security I thought it would be a great idea to look at this from the developer perspective. This text is a great piece on the ASP.NET side of development and security. It does a great job of showing what the developer may normally code and why that is NOT security oriented. It is a great tool for bridging the gap between security team and developer team so that you can speak intelligently on both even though you are NOT a developer or security professional. If you have an ASP.NET dev shop in your environment you should have someone if not everyone from your dev and security teams read this book to facilitate a more open line of commination between the two. Highly recommended.
Rating: 5 / 5

]]> By: Carlos Perez http://www.securitt.com/hacking-the-code-auditors-guide-to-writing-secure-code-for-the-web/comment-page-1#comment-540 Carlos Perez Sat, 06 Feb 2010 03:52:45 +0000 http://www.securitt.com/hacking-the-code-auditors-guide-to-writing-secure-code-for-the-web/#comment-540 If one is programming any web application in ASP.Net this is the book to read. It is waht is spected from Mark Burnett. I find my self comming back to the book time a time again to get ideas on ways to make my code more secure. This is a must buy for anyone who writes web applications. Rating: 5 / 5 If one is programming any web application in ASP.Net this is the book to read. It is waht is spected from Mark Burnett. I find my self comming back to the book time a time again to get ideas on ways to make my code more secure. This is a must buy for anyone who writes web applications.
Rating: 5 / 5

]]> By: Bilen Çekiç http://www.securitt.com/hacking-the-code-auditors-guide-to-writing-secure-code-for-the-web/comment-page-1#comment-539 Bilen Çekiç Sat, 06 Feb 2010 02:33:45 +0000 http://www.securitt.com/hacking-the-code-auditors-guide-to-writing-secure-code-for-the-web/#comment-539 english is not my native language but this book has a clear language that is easy to understant and examples are very good. Writer tells many experiences that he faced at past about security, it's vulnarables and precautions. <br />I highly recommend this book. Rating: 5 / 5 english is not my native language but this book has a clear language that is easy to understant and examples are very good. Writer tells many experiences that he faced at past about security, it’s vulnarables and precautions.

I highly recommend this book.
Rating: 5 / 5

]]> By: Kevin Beaver http://www.securitt.com/hacking-the-code-auditors-guide-to-writing-secure-code-for-the-web/comment-page-1#comment-538 Kevin Beaver Sat, 06 Feb 2010 00:24:30 +0000 http://www.securitt.com/hacking-the-code-auditors-guide-to-writing-secure-code-for-the-web/#comment-538 Hacking the Code is a must read if you want to pick apart .NET Web applications in the name of better security. More people in development and IT need to read books like this. I like how it focuses on ASP.NET - the language that a large portion of Web applications are developed in today. The book covers the important areas of securing applications and shows some good examples. Appendix A also has some good ASP.NET code samples for real-world concerns. <br /> <br />I especially like the coverage on authentication mechanisms which is something that's often taken for granted by developers but where I tend to find a lot of the weaknesses in the work I do. Plus it doesn't just focus on the technical side of things with the coverage of users awareness and policies. Overall, very good at covering the root of many of our security problems. Rating: 4 / 5 Hacking the Code is a must read if you want to pick apart .NET Web applications in the name of better security. More people in development and IT need to read books like this. I like how it focuses on ASP.NET – the language that a large portion of Web applications are developed in today. The book covers the important areas of securing applications and shows some good examples. Appendix A also has some good ASP.NET code samples for real-world concerns.

I especially like the coverage on authentication mechanisms which is something that’s often taken for granted by developers but where I tend to find a lot of the weaknesses in the work I do. Plus it doesn’t just focus on the technical side of things with the coverage of users awareness and policies. Overall, very good at covering the root of many of our security problems.
Rating: 4 / 5

]]> By: A. Shefer http://www.securitt.com/hacking-the-code-auditors-guide-to-writing-secure-code-for-the-web/comment-page-1#comment-537 A. Shefer Fri, 05 Feb 2010 23:44:27 +0000 http://www.securitt.com/hacking-the-code-auditors-guide-to-writing-secure-code-for-the-web/#comment-537 The authors can't connect two words together. Don't waste money on this book. Rating: 1 / 5 The authors can’t connect two words together. Don’t waste money on this book.
Rating: 1 / 5

]]>