book

Programming .NET Security

by Adam Freeman, Allen Jones

June 2003

Intermediate to advanced

714 pages

22h 8m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Dedication
A Note Regarding Supplemental Files
Preface
How This Book Is OrganizedPart I: FundamentalsPart II: .NET SecurityPart III: .NET CryptographyPart IV: .NET Applications FrameworksPart V: API Quick ReferenceWho Should Read This BookAssumptions This Book MakesConventions Used in This BookHow to Contact Us
I. Fundamentals
1. Security Fundamentals
1.1. The Need for Security1.2. Roles in Security1.2.1. The Business Sponsor1.2.2. The Architect1.2.3. The Programmer1.2.4. The Security Tester1.2.5. The System Administrator1.2.6. The User1.2.7. The Hacker/Cracker1.3. Understanding Software Security1.3.1. Restricted Resources1.3.2. Trust1.3.3. Secrets1.3.3.1. The lifetime of secrets1.3.3.2. Protecting secrets1.4. End-to-End Security1.4.1. Real-World Trust Relationships1.4.2. Side Channels1.4.3. Physical Security1.4.4. Third-Party Software
2. Assemblies
2.1. Assemblies Explained2.2. Creating Assemblies2.2.1. Creating a Single-File Assembly2.2.2. Creating a Multifile Assembly2.3. Shared Assemblies2.4. Strong Names2.4.1. Creating a Key Pair2.4.2. Creating an Assembly Strong Name2.4.2.1. Specifying the version and culture metadata2.4.2.2. Specifying the key pair2.4.2.3. Creating the strong name2.4.2.4. Creating a strong name for a multifile assembly2.4.3. Delayed Signing2.4.4. Verifying a Strong Name2.5. Publisher Certificates2.5.1. Using the Global Assembly Cache2.6. Decompiling Explained2.6.1. Decompiling Assemblies2.6.2. Protecting Against Decompilation2.6.2.1. Obfuscation2.6.2.2. Native compilation
3. Application Domains
3.1. Application Domains Explained3.1.1. Application Isolation in the .NET Framework3.1.2. Application Domain and Assembly Management3.1.3. Assembly Isolation with Application Domains3.1.4. Application Domains and Runtime Security3.1.4.1. Assembly evidence and identity3.1.4.2. Application domain evidence and identity3.1.4.3. Application domains and security policy3.1.4.4. Role-based security3.1.4.5. Application domains and isolated storage3.1.5. Application Domains and Application Configuration
4. The Lifetime of a Secure Application
4.1. Designing a Secure .NET Application4.1.1. Identifying Restricted Resources4.1.2. Identifying Trust4.1.3. Identifying Secrets4.1.4. Failing Gracefully4.2. Developing a Secure .NET Application4.3. Security Testing a .NET Application4.4. Deploying a .NET Application4.5. Executing a .NET Application4.6. Monitoring a .NET Application
II. .NET Security
5. Introduction to Runtime Security
5.1. Runtime Security Explained5.1.1. Running Unverifiable and Native Code5.2. Introducing Role-Based Security5.3. Introducing Code-Access Security5.3.1. Evidence, Security Policy, and Permissions5.3.2. Windows Security and Code-Access Security5.4. Introducing Isolated Storage

6. Evidence and Code Identity
6.1. Evidence Explained6.1.1. Sources and Types of Evidence6.1.1.1. Host evidence6.1.1.2. Assembly evidence6.2. Programming Evidence6.2.1. Introduction to Evidence Programming6.2.2. Using the Evidence Class6.2.3. Using the Standard Evidence Classes6.2.3.1. The ApplicationDirectory class6.2.3.2. The Hash class6.2.3.3. The Publisher class6.2.3.4. The Site class6.2.3.5. The StrongName class6.2.3.6. The Url class6.2.3.7. The Zone class6.2.4. Viewing Evidence6.2.5. Assigning Evidence to Assemblies6.2.6. Assigning Evidence to Application Domains6.3. Extending the .NET Framework6.3.1. Creating Custom Evidence6.3.1.1. Defining the Author evidence class6.3.1.2. Using the SecurityElement Class6.3.1.3. Building the Author evidence class6.3.2. Using Custom Evidence6.3.2.1. Making the Author assembly a fully trusted assembly6.3.2.2. Serializing evidence6.3.2.3. Embedding evidence in an assembly6.3.3. The Next Steps in Customization
7. Permissions
7.1. Permissions Explained7.1.1. Granting Permissions7.1.2. Requesting Permissions7.1.3. Permission Types7.1.3.1. Code-access permissions7.1.3.2. Identity permissions7.1.4. Enforcing Code-Access Security7.1.4.1. Stack walks explained7.2. Programming Code-Access Security7.2.1. Security Statement Syntax7.2.1.1. Imperative security statements7.2.1.2. Declarative security statements7.2.2. Programming Permissions7.2.2.1. Common permission class functionality7.2.2.2. Using the SecurityPermission class7.2.3. Programming Permission Sets7.2.4. Programming Permission Requests7.2.4.1. Requesting minimum permission7.2.4.2. Requesting optional permissions7.2.4.3. Refusing permissions7.2.5. Programming Permission Demands7.2.5.1. Demand7.2.5.2. LinkDemands7.2.5.3. Inheritance demands7.2.6. Manipulating Stack Walks7.2.6.1. Assert7.2.6.2. Deny7.2.6.3. PermitOnly7.2.6.4. Reverting overrides7.3. Extending the .NET Framework7.3.1. Creating Custom Code-Access Permissions7.3.1.1. Designing the RadioPermission class7.3.1.2. Defining imports and assembly scope attributes7.3.1.3. Defining the RadioAction enumeration7.3.1.4. Defining the RadioPermission class7.3.1.5. Implementing the IUnrestrictedPermission interface7.3.1.6. Implementing the IPermission interface7.3.1.7. Implementing the ISecurityEncodable interface7.3.1.8. Defining the RadioPermissionAttribute class7.3.1.9. Building the Radio.dll library7.3.1.10. Using RadioPermission to enforce security
8. Security Policy
8.1. Security Policy Explained8.1.1. Security Policy Levels8.1.1.1. Code groups8.1.1.2. Named permission sets8.1.1.3. Fully trusted assemblies8.1.2. Policy Resolution8.1.2.1. Code group attributes8.1.3. Configuring Security Policy8.2. Programming Security Policy8.2.1. Programming Code Groups8.2.1.1. Programming membership conditions8.2.1.2. Programming policy statements8.2.1.3. Creating code groups8.2.2. Programming Policy Levels8.2.2.1. Managing fully trusted assemblies8.2.2.2. Managing named permission sets8.2.2.3. Managing the code group tree8.2.3. Programming the Security Manager8.2.4. Programming Application Domain Policy8.3. Extending the .NET Framework8.3.1. Custom Membership Conditions Explained8.3.2. Defining the AuthorMembershipCondition Class8.3.3. Building the AuthorMembershipCondition Assembly8.3.4. Using the AuthorMembershipCondition Membership Condition8.3.4.1. Installing security assemblies8.3.4.2. Generating AuthorMembershipCondition XML8.3.4.3. Configuring security policy8.3.5. Testing Custom Membership Conditions
9. Administering Code-Access Security
9.1. Default Security Policy9.1.1. Security Policy Files9.1.2. Named Permission Sets9.1.3. Enterprise and User Policy Code Groups9.1.4. Machine Policy Code Groups9.1.5. Fully Trusted Assemblies9.2. Inspecting Declarative Security Statements9.3. Using the .NET Framework Configuration Tool9.3.1. Managing Fully Trusted Assemblies9.3.1.1. Adding a fully trusted assembly9.3.1.2. Deleting a fully trusted assembly9.3.2. Managing Named Permission Sets9.3.2.1. Creating named permission sets9.3.3. Managing Code Groups9.3.3.1. Creating code groups9.3.4. Other Security Policy Administration Options9.4. Using the Code-Access Security Policy Tool9.4.1. Controlling the Security System9.4.1.1. Switching code-access security on and off9.4.1.2. Switching execution permission checks on and off9.4.2. Administering Policy Levels9.4.2.1. Specifying the target policy level9.4.2.2. Specifying the target code group9.4.2.3. Managing fully trusted assemblies9.4.2.4. Managing named permission sets9.4.2.5. Managing code groups9.4.3. Evaluating Security Policy9.4.4. Forcing Security Changes9.4.5. Resetting Security Policy
10. Role-Based Security
10.1. Role-Based Security Explained10.1.1. .NET Role-Based Security Explained10.1.2. Comparing .NET Role-Based Security and Windows Security10.2. Programming Role-Based Security10.2.1. Introducing the IIdentity and IPrincipal Interfaces10.2.2. Determining the Current Principal10.2.3. Programming the Windows Role-Based Security Implementation10.2.3.1. Configuring the current WindowsPrincipal10.2.3.2. Impersonating Windows users10.2.4. Making Role-Based Security Demands10.2.4.1. Using imperative role-based security statements10.2.4.2. Using declarative role-based security statements10.2.5. Programming the Generic Role-Based Security Implementation10.2.5.1. Configuring the current GenericPrincipal
11. Isolated Storage
11.1. Isolated Storage Explained11.1.1. Levels of Isolation11.1.1.1. Determining user and code identity11.1.1.2. Isolation by user and assembly11.1.1.3. Isolation by user, assembly, and application domain11.1.2. Limitations of Isolated Storage11.2. Programming Isolated Storage11.2.1. Isolated Storage and Code-Access Security11.2.2. Obtaining a Store11.2.3. Creating Directories11.2.4. Creating, Reading, and Writing Files11.2.5. Searching for Files and Directories11.2.6. Deleting Files and Directories11.2.7. Deleting Stores11.3. Administering Isolated Storage11.3.1. Configuring Security Policy11.3.1.1. Granting isolated storage permissions with Mscorcfg.msc11.3.1.2. Granting isolated storage permissions with Caspol.exe11.3.2. Managing Isolated Storage Stores
III. .NET Cryptography
12. Introduction to Cryptography
12.1. Cryptography Explained12.1.1. Confidentiality12.1.2. Integrity12.1.3. Authentication12.2. Cryptography Is Key Management12.3. Cryptographic Attacks12.3.1. Brute Force Attacks, Theft, and Guessing12.3.2. Cryptanalysis12.3.3. Software Bugs
13. Hashing Algorithms
13.1. Hashing Algorithms Explained13.1.1. Creating a Hash Code13.1.2. Message Limits13.1.3. Hash Code Length13.1.4. The .NET Framework Hashing Algorithms13.2. Programming Hashing Algorithms13.2.1. The HashAlgorithm Class13.2.2. Instantiating the Algorithm13.2.3. Hashing Data from Memory13.2.4. Hashing Streamed Data13.2.5. Validating Hash Codes13.3. Keyed Hashing Algorithms Explained13.3.1. Creating the Keyed Hash Code13.3.1.1. HMAC algorithms13.3.1.2. Block cipher hash codes13.3.2. The .NET Framework Keyed Hashing Algorithms13.4. Programming Keyed Hashing Algorithms13.4.1. The KeyedHashAlgorithm Class13.4.2. Instantiating the Algorithm13.4.3. Hashing Data and Validating Hash Codes13.5. Extending the .NET Framework13.5.1. The Alder32 Algorithm Explained13.5.2. Defining the Abstract Class13.5.3. Defining the Implementation Class13.5.3.1. Creating the implementation class13.5.3.2. Implementing the Initialize method13.5.3.3. Implementing the HashCore and HashFinal methods13.5.3.4. Completing the class13.5.3.5. Testing the implementation
14. Symmetric Encryption
14.1. Encryption Revisited14.2. Symmetric Encryption Explained14.2.1. Creating the Encrypted Data14.2.2. Cipher Modes14.2.2.1. Electronic Codebook mode14.2.2.2. Cipher block chaining14.2.2.3. Cipher feedback mode14.2.3. Block Padding14.2.4. Symmetric Encryption Key Lengths14.2.5. The .NET Framework Encryption Algorithms14.3. Programming Symmetrical Encryption14.3.1. The SymmetricAlgorithm Class14.3.2. Instantiating the Algorithm14.3.3. Configuring the Algorithm14.3.3.1. Block and key sizes14.3.3.2. Cipher and padding modes14.3.3.3. Keys and initialization vectors (IVs)14.3.4. Encrypting and Decrypting Data14.4. Extending the .NET Framework14.4.1. The Extended Tiny Encryption Algorithm Explained14.4.2. Defining the Abstract Class14.4.3. Defining the Implementation Class14.4.4. Defining an Abstract Transformation14.4.5. Defining the Encryption Transformation14.4.6. Defining the Decryption Transformation
15. Asymmetric Encryption
15.1. Asymmetric Encryption Explained15.1.1. Creating Asymmetric Keys15.1.2. Asymmetric Algorithm Security15.1.3. Creating the Encrypted Data15.1.3.1. Asymmetric data padding15.2. Programming Asymmetrical Encryption15.2.1. The AsymmetricAlgorithm class15.2.2. The RSA class15.2.3. The RSACryptoServiceProvider Class15.2.4. Instantiating the Algorithm15.2.5. Using RSA Keys15.2.6. Encrypting and Decrypting Data15.3. Extending the .NET Framework15.3.1. The ElGamal Algorithm Explained15.3.1.1. ElGamal key generation protocol15.3.1.2. ElGamal encryption and decryption functions15.3.2. Processing Large Integer Values15.3.3. Defining the Abstract Class15.3.4. Defining the Implementation Class15.3.5. Defining the Abstract Cipher Function Class15.3.6. Defining the Encryption Class15.3.7. Defining the Decryption Class15.3.8. Testing the Algorithm
16. Digital Signatures
16.1. Digital Signatures Explained16.1.1. Digital Signature Security16.1.2. The .NET Framework Digital Signature Algorithms16.1.3. Creating Digital Signatures16.2. Programming Digital Signatures16.2.1. Using the Abstract Class16.2.2. Using the Implementation Class16.2.3. Using the Signature Formatter Classes16.3. Programming XML Signatures16.3.1. XMLDSIG Explained16.3.2. Signing an XML Document16.3.2.1. Creating the reference16.3.2.2. Creating the SignedXML16.3.2.3. Setting the signing algorithm16.3.2.4. Creating the signature16.3.3. Embedding Objects in the Signature16.3.4. Verifying an XML Signature16.4. Extending the .NET Framework16.4.1. The ElGamal Signature Functions Explained16.4.2. Defining the Signature Function Class16.4.3. Implementing the Managed Class Methods16.4.4. Defining the PKCS #1 Helper Class16.4.5. Defining the Signature Formatter Class16.4.6. Defining the Signature Deformatter Class16.4.7. Testing the Algorithm
17. Cryptographic Keys
17.1. Cryptographic Keys Explained17.1.1. Understanding Key Complexity17.1.2. Exchanging Symmetric Algorithm Keys17.2. Programming Cryptographic Keys17.2.1. Creating Keys17.2.1.1. Using the algorithm classes17.2.1.2. Using a random number generator17.2.1.3. Using a key-derivation protocol17.2.2. Using Key Persistence17.2.3. Key Exchange Formatting17.3. Extending the .NET Framework17.3.1. ElGamal Key Exchange Explained17.3.2. Defining the Key Exchange Formatter17.3.3. Defining the Key Exchange Deformatter
IV. .NET Application Frameworks
18. ASP.NET Application Security
18.1. ASP.NET Security Explained18.1.1. ASP.NET Security Overview18.1.2. ASP.NET Configuration Files18.1.2.1. ASP.NET security-related configuration elements18.1.2.2. Using <location> elements18.2. Configuring the ASP.NET Worker Process Identity18.3. Authentication18.3.1. Configuring IIS Authentication Modes18.3.2. No Authentication18.3.3. Windows Authentication18.3.4. Forms Authentication18.3.4.1. Configuring Forms authentication18.3.4.2. Creating the logon page18.3.4.3. Creating the protected page18.3.5. Passport Authentication18.4. Authorization18.4.1. File Authorization18.4.2. URL Authorization18.5. Impersonation18.6. ASP.NET and Code-Access Security
19. COM+ Security
19.1. COM+ Security Explained19.1.1. COM+ Role-Based Security19.1.2. COM+ Process-Access Security19.1.2.1. Authentication19.1.2.2. Impersonation19.2. Programming COM+ Security19.2.1. Creating the Serviced Component19.2.2. Specifying the COM+ Application Type19.2.3. Applying the Security Attributes19.2.3.1. The ApplicationAccessControl attribute19.2.3.2. The ComponentAccessControl Attribute19.2.3.3. The SecurityRole attribute19.2.3.4. The SecureMethod attribute19.2.4. Compiling and Installing the COM+ Application19.3. Administering COM+ Security19.3.1. Viewing the COM+ Catalogue19.3.2. Populating COM+ Application Roles19.3.3. Assessing and Assigning Role Scope19.3.4. Managing COM+ Security19.3.4.1. Managing the application19.3.4.2. Managing the component
20. The Event Log Service
20.1. The Event Log Service Explained20.1.1. Event Logs20.1.2. Event Sources20.1.3. Event Structure20.1.3.1. Event source name20.1.3.2. Message20.1.3.3. Event type20.1.3.4. Event identifier and event category20.1.3.5. Binary data20.2. Programming the Event Log Service20.2.1. Querying the Event Log System20.2.2. Using Event Sources20.2.3. Reading Event Logs20.2.4. Writing Events20.2.5. Using Custom Event Logs20.2.6. Monitoring Event Logs
V. API Quick Reference
21. How to Use This Quick Reference
21.1. Finding a Quick-Reference Entry21.2. Reading a Quick-Reference Entry21.2.1. Type Name, Namespace, Assembly, Type Category, and Flags21.2.2. Description21.2.3. Synopsis21.2.3.1. Member availability and flags21.2.3.2. Functional grouping of members21.2.4. Class Hierarchy21.2.5. Cross-References21.2.6. A Note About Type Names
22. Converting from C# to VB Syntax
22.1. General Considerations22.2. Classes22.3. Structures22.4. Interfaces22.5. Class, Structure, and Interface Members22.5.1. Fields22.5.2. Methods22.5.3. Properties22.5.4. Events22.6. Delegates22.7. Enumerations
23. The System.Security Namespace
AllowPartiallyTrustedCallersAttribute
CodeAccessPermission
IEvidenceFactory
IPermission
ISecurityEncodable
ISecurityPolicyEncodable
IStackWalk
NamedPermissionSet
PermissionSet
PolicyLevelType
SecurityElement
SecurityException
SecurityManager
SecurityZone
SuppressUnmanagedCodeSecurityAttribute
UnverifiableCodeAttribute
VerificationException
XmlSyntaxException
24. The System.Security.Cryptography Namespace
AsymmetricAlgorithm
AsymmetricKeyExchangeDeformatter
AsymmetricKeyExchangeFormatter
AsymmetricSignatureDeformatter
AsymmetricSignatureFormatter
CipherMode
CryptoAPITransform
CryptoConfig
CryptographicException
CryptographicUnexpectedOperationException
CryptoStream
CryptoStreamMode
CspParameters
CspProviderFlags
DeriveBytes
DES
DESCryptoServiceProvider
DSA
DSACryptoServiceProvider
DSAParameters
DSASignatureDeformatter
DSASignatureFormatter
FromBase64Transform
FromBase64TransformMode
HashAlgorithm
HMACSHA1
ICryptoTransform
KeyedHashAlgorithm
KeySizes
MACTripleDES
MaskGenerationMethod
MD5
MD5CryptoServiceProvider
PaddingMode
PasswordDeriveBytes
PKCS1MaskGenerationMethod
RandomNumberGenerator
RC2
RC2CryptoServiceProvider
Rijndael
RijndaelManaged
RNGCryptoServiceProvider
RSA
RSACryptoServiceProvider
RSAOAEPKeyExchangeDeformatter
RSAOAEPKeyExchangeFormatter
RSAParameters
RSAPKCS1KeyExchangeDeformatter
RSAPKCS1KeyExchangeFormatter
RSAPKCS1SignatureDeformatter
RSAPKCS1SignatureFormatter
SHA1
SHA1CryptoServiceProvider
SHA1Managed
SHA256
SHA256Managed
SHA384
SHA384Managed
SHA512
SHA512Managed
SignatureDescription
SymmetricAlgorithm
ToBase64Transform
TripleDES
TripleDESCryptoServiceProvider
25. The System.Security.Cryptography.X509Certificates Namespace
X509Certificate
X509CertificateCollection
X509CertificateCollection.X509CertificateEnumerator
26. The System.Security.Cryptography.Xml Namespace
DataObject
DSAKeyValue
KeyInfo
KeyInfoClause
KeyInfoName
KeyInfoNode
KeyInfoRetrievalMethod
KeyInfoX509Data
Reference
RSAKeyValue
Signature
SignedInfo
SignedXml
Transform
TransformChain
XmlDsigBase64Transform
XmlDsigC14NTransform
XmlDsigC14NWithCommentsTransform
XmlDsigEnvelopedSignatureTransform
XmlDsigXPathTransform
XmlDsigXsltTransform
27. The System.Security.Permissions Namespace
CodeAccessSecurityAttribute
EnvironmentPermission
EnvironmentPermissionAccess
EnvironmentPermissionAttribute
FileDialogPermission
FileDialogPermissionAccess
FileDialogPermissionAttribute
FileIOPermission
FileIOPermissionAccess
FileIOPermissionAttribute
IsolatedStorageContainment
IsolatedStorageFilePermission
IsolatedStorageFilePermissionAttribute
IsolatedStoragePermission
IsolatedStoragePermissionAttribute
IUnrestrictedPermission
PermissionSetAttribute
PermissionState
PrincipalPermission
PrincipalPermissionAttribute
PublisherIdentityPermission
PublisherIdentityPermissionAttribute
ReflectionPermission
ReflectionPermissionAttribute
ReflectionPermissionFlag
RegistryPermission
RegistryPermissionAccess
RegistryPermissionAttribute
ResourcePermissionBase
ResourcePermissionBaseEntry
SecurityAction
SecurityAttribute
SecurityPermission
SecurityPermissionAttribute
SecurityPermissionFlag
SiteIdentityPermission
SiteIdentityPermissionAttribute
StrongNameIdentityPermission
StrongNameIdentityPermissionAttribute
StrongNamePublicKeyBlob
UIPermission
UIPermissionAttribute
UIPermissionClipboard
UIPermissionWindow
UrlIdentityPermission
UrlIdentityPermissionAttribute
ZoneIdentityPermission
ZoneIdentityPermissionAttribute
28. The System.Security.Policy Namespace
AllMembershipCondition
ApplicationDirectory
ApplicationDirectoryMembershipCondition
CodeGroup
Evidence
FileCodeGroup
FirstMatchCodeGroup
Hash
HashMembershipCondition
IIdentityPermissionFactory
IMembershipCondition
NetCodeGroup
PermissionRequestEvidence
PolicyException
PolicyLevel
PolicyStatement
PolicyStatementAttribute
Publisher
PublisherMembershipCondition
Site
SiteMembershipCondition
StrongName
StrongNameMembershipCondition
UnionCodeGroup
Url
UrlMembershipCondition
Zone
ZoneMembershipCondition
29. The System.Security.Principal Namespace
GenericIdentity
GenericPrincipal
IIdentity
IPrincipal
PrincipalPolicy
WindowsAccountType
WindowsBuiltInRole
WindowsIdentity
WindowsImpersonationContext
WindowsPrincipal
Index
About the Authors
Colophon
Copyright

Content preview from Programming .NET Security

Name

Reference

Synopsis

public class Reference {
// Public Constructors
   public Reference(  );
   public Reference(System.IO.Stream stream);
   public Reference(string uri);
// Public Instance Properties
   public string DigestMethod{set; get; }
   public byte[  ] DigestValue{set; get; }
   public string Id{set; get; }
   public TransformChain TransformChain{get; }
   public string Type{set; get; }
   public string Uri{set; get; }
// Public Instance Methods
   public void AddTransform(Transform transform);
   public XmlElement GetXml(  );
   public void LoadXml(System.Xml.XmlElement value);
}

Instances of this class act as a reference to the signed data, expressed as a URI (using the Uri property) or as a local reference to an instance of the DataObject class (using the Id property). References are associated with a signature through the SignedXml.AddReference( ) method.

Implementations of the Transform class can be added to a reference with the AddTransform( ) method; the transformations will be applied in order before the data is signed. The algorithm used to create the cryptographic hash code is set with the DigestMethod property—the default value is http://www.w3.org/2000/09/xmldsig#sha1, which specifies the SHA-1 hash algorithm.

Passed To

SignedInfo.AddReference( ), SignedXml.AddReference( )

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 0596004427Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills