Press Release


July 22, 2003

Addressing Windows' Vulnerabilities at the Application Level: O'Reilly Releases "Programming .NET Security"

Sebastopol, CA--When independent researchers found a flaw in Windows Server 2003 recently, they underscored the central fact in the computer industry today: now that the .NET Framework and other platforms support highly distributed systems and web-based server applications that are inherently more difficult to protect, security is an issue that everyone involved needs to address. Despite the flaw, Microsoft's .NET platform is by far its most secure, and according to Adam Freeman, coauthor of Programming .NET Security (O'Reilly, US $44.95), the majority of security lapses are in fact owing to carelessness or lack of experience on the part of application developers.

"Programmers have traditionally treated security as an afterthought, but there is a growing appreciation that security is a requirement, not an option, that should be integrated into the development process," Freeman explains. "The simple fact is that architects and programmers cannot ignore security when developing a .NET application, because security is at the core of the .NET Framework. The better informed they are, the more secure their projects will be."

Freeman and coauthor Allen Jones wrote "Programming .NET Security" as both a tutorial and complete reference to security issues for .NET application development, to save developers from having to rely on Microsoft's "unclear and confusing" documentation. The book offers numerous practical examples for writing secure applications in both the C# and VB.NET languages.

Throughout the book, Freeman and Jones rely on their years of experience in applying security policies and developing some of the world's largest and most complex applications for NASDAQ, Sun Microsystems, Netscape, Microsoft, and others. Before detailing .NET's large collection of security tools and recommendations, their book explains key concepts and common design patterns that developers must understand if they are to build applications that can survive in a hostile, networked world. One chapter discusses typical software development phases, and the opportunities each phase provides for uncovering vulnerabilities and defending against them.

"Programming .NET Security" then explores .NET security features systematically, including runtime support, evidence, code identity, permissions, Code Access Security (CAS), and role-based security. An entire section is devoted to .NET support for cryptography, and other chapters deal with features unique to ASP.NET and COM+ component services. The book also includes an API Quick Reference to all the types of the principal security-related namespaces of the .NET class libraries.

As longtime proponents of "end-to-end" security, Freeman and Jones implore programmers to focus not only on the security of their applications, but also on wider real-world aspects that can affect it. Users who are careless with their passwords, for instance, can compromise any security policies that developers put in place. And, most appropriate given the news on Microsoft, developers must be aware of any vulnerability in third-party software they rely on. Explains Freeman, "When thinking about security, you must give consideration to motivation, both of the potential users and the potential attackers."

Additional Resources:

Programming .NET Security
Adam Freeman and Allen Jones
ISBN 0-596-00442-7, 693 pages, $44.95 US, $69.95 CA, £31.95 UK
order@oreilly.com
1-800-998-9938; 1-707-827-7000

About O'Reilly

O'Reilly Media spreads the knowledge of innovators through its books, online services, magazines, and conferences. Since 1978, O'Reilly Media has been a chronicler and catalyst of cutting-edge development, homing in on the technology trends that really matter and spurring their adoption by amplifying "faint signals" from the alpha geeks who are creating the future. An active participant in the technology community, the company has a long history of advocacy, meme-making, and evangelism.

