"As usual, Keith masterfully explains complex security issues in down-to-earth and easy-to-understand language. I bet you'll reach for this book often when building your next software application."
--Michael Howard, coauthor, Writing Secure Code

"When it comes to teaching Windows security, Keith Brown is 'The Man.' In The .NET Developer's Guide to Windows Security, Keith has written a book that explains the key security concepts of Windows NT, Windows 2000, Windows XP, and Windows Server 2003, and teaches you both how to apply them and how to implement them in C# code. By organizing his material into short, clear snippets, Brown has made a complicated subject highly accessible."
--Martin Heller, senior contributing editor at Byte.com and owner of Martin Heller & Co.

"Keith Brown has a unique ability to describe complex technical topics, such as security, in a way that can be understood by mere mortals (such as myself). Keith's book is a must read for anyone attempting to keep up with Microsoft's enhancements to its security features and the next major version of .NET."
--Peter Partch, principal software engineer, PM Consulting

"Keith's book is a collection of practical, concise, and carefully thought out nuggets of security insight. Every .NET developer would be wise to keep a copy of this book close at hand and to consult it first when questions of security arise during application development."
--Fritz Onion, author of Essential ASP.NET with Examples in C#

The .NET Developer's Guide to Windows Security is required reading for .NET programmers who want to develop secure Windows applications. Readers gain a deep understanding of Windows security and the know-how to program secure systems that run on Windows Server 2003, Windows XP, and Windows 2000.

Author Keith Brown crystallizes his application security expertise into 75 short, specific guidelines. Each item is clearly explained, cross-referenced, and illustrated with detailed examples. The items build on one another until they produce a comprehensive picture of what tools are available and how developers should use them.

The book highlights new features in Windows Server 2003 and previews features of the upcoming version 2.0 of the .NET Framework. A companion Web site includes the source code and examples used throughout the book.

Topics covered include:

• Kerberos authentication

• Access control

• Impersonation

• Network security

• Constrained delegation

• Protocol transition

• Securing enterprise services

• Securing remoting

• How to run as a normal user and live a happy life

• Programming the Security Support Provider Interface (SSPI) in Visual Studio.NET 2005

Battle-scarred and emerging developers alike will find in The .NET Developer's Guide to Windows Security bona-fide solutions to the everyday problems of securing Windows applications.

Amazon.com® Reader Reviews (Ranked by Helpfulness)

Average Amazon.com® Rating:  Based on 16 Ratings

Windows Security is Difficult - 2008-10-05
Reviewer Rating:
Doug B from Minneapolis "A disconnected mess" has a point. The book does jump back and forth making it difficult to put together the "big picture." As a programmer I did not get the answer to my questions but as an analyst this was a good starting point for an understanding of Windows security. Also, I wish the book were updated to cover Server 2008 and Vista. Still the book is recommended reading for all who wish to get a better understanding of Windows security.

A disconnected mess - 2006-11-21
Reviewer Rating:
As a degreed, professional software developer, I found the book very weak in presenting a good explanation of how a programmer might make better use of Windows security.

The book is a series of 4-6 page chapters. The author constantly refers back and forth to the chapters: (item 24), (item 15) etc. There is no big picture, just page after page of alphabet soup.

I also found it annoying that the author uses 'her' instead of 'he'.

Must Read for .Net Security - 2006-07-16
Reviewer Rating:
I read the online book and then went out and purchased it here on Amazon. This is a awesome book. If you are new to security or your company is finally getting serious about security and you work in a .Net environment then this book is a must start resource. I cannot recall how many times I have recommended this book. I hope the author makes updates for .Net 2.0 as well as continues to extend the book online -- simply a great read!

the .NET developer's first line of defense - 2006-06-23
Reviewer Rating:

Excerpt from C# Online.NET Review (wiki.CSharp-Online.NET):
"I have read many Sgt. Joe Friday accounts of Windows security--"Just the facts, Ma'am"--; but, Windows security remained an occult subject to me. However, this book enables me to program security functions and to understand what I am doing. The book explains the user-based security of Windows operating systems based on Windows NT including Windows 2000, Windows XP Professsional, and Windows Server 2003."

Essential - 2007-08-19
Reviewer Rating:
This review refers to Brown's 2004 edition of "The .NET Developer's Guide to Windows Security".

Don't let the title fool you. For its size, this book is an excellent primer on Windows OS and network security for anyone. It is well-written in an entertaining style by a well-known and authoritative author in the field. I highly recommend this as a first read for anyone interested in Windows security as a programmer or administrator.

The book does provide valuable additional information to the .NET programmer, including useful examples in C#. I was able to use it to implement secure access to a database via a web service using Windows built-in security despite the fact that I was already in the middle of learning how to implement web services in the first place.

Due to its age, the book does not cover anything new to Windows Vista or Windows Server 2008. I'd still recommend this book until something equivalent (perhaps a 2nd edition?) good comes out covering those topics at both the Vista AND 2008 level. Alernatively I could see one using this short book as a primer and existing books on Vista and/or future books on 2008 as those become available. I foresee this book being a primary reference for me for quite some time.

Browse Similar Topics

Top Level Categories:
Internet/Online

Sub-Categories:
Internet/Online > Security