Book Description
Delve into the core topics for ASP.NET 2.0 programming, mastering the essential skills and capabilities needed to build high-performance Web applications successfully. Well-known ASP.NET author Dino Esposito deftly builds your expertise with Web forms, Microsoft Visual Studio®, core controls, master pages, data access, data binding, state management, security services, and other must-know topics, combining definitive reference with practical, hands-on programming instruction. Packed with expert guidance and pragmatic examples, this CORE REFERENCE delivers the key resources you need to develop professional-level Web programming skills.
Customer Reviews:
Terrible Book - Don't Waste Your Money.......2007-10-01
WAY TOO MUCH FLUFF. Buried in all of this filler text are obfuscated details of the language. There are no real examples that can be followed. I wish I could get a refund because I really feel like I wasted my money.
Great!!.......2007-01-17
Even though I haven't finished this book (not enough time in the year), it's a very well written book. Not too hard to read, but complete and covers a ton of information. Highly recommended.
Disappointing.......2006-11-11
Learning to program is a hands-on activity. The best teaching texts are those that provide example programs which the student can reproduce, tinker with, and observe, to learn the concepts illustrated thereby.
Unfortunately this book does not take that pedagogical approach. The textual descriptions are high-level, supplemented by abstract and simplified diagrams, as well as tables that list in exhaustive (and exhausting) detail the various classes, their methods, properties, &c. One looks in vain however for a good program to illustrate how an actual ASP.Net website might work (I gave up looking after Part I).
The author advises that this book should not be the first to be read on the subject of ASP.Net 2.0. Accordingly, I read a more basic text on the subject, which, through well-constructed sample programs, gave me a firm grasp of the basics and whetted my appetite to learn more advanced techniques I could use to build practical websites. I hoped this book would supply those techniques, but I was disappointed.
This book might be of use to a developer who already knows the essentials of ASP.Net 2.0, and needs a desk reference for use in day-to-day programming tasks. As a learning tool, it is about as useful as trying to learn a foreign language by reading a dictionary.
Errors and omissions.......2006-07-27
The discussion on how to use the new SqlCacheDependency class is wrong. The book claimed (in page 623) that "with SQL Server 2005 no setup work is needed and no external objects must be added to the Database." In reality, you need to set up several permissions in the database side. In addition, you have to make sure that the compatibility level of your database is set to 90.
The source code example in page 622 will not work. The reason is that the SqlCacheDependency object was created after the command was executed. SqlCacheDependency must be created and linked to the command object BEFORE executing the command.
Further, the book made no mention of the requirements of the SQL statement of the command to be linked to the SqlCacheDependencyObject (e.g. you cannot use *, and table names must be qualified with its owner). If you do not follow these SQL rules, caching using the SqlCacheDependency will not work.
I have not finished reading the book; I don't think I will have motivation to do that. I'm not very confident that what I'll be reading is accurate because of the above errors and omissions.
Does what it says on the cover.......2006-07-18
This book is an excellent introduction to the facilities available in ASP.NET 2.0. It covers simple topics such as HTML controls, WebControls, page lifecycle etc, and also goes a little deeper to discuss details of providers, personalisation & master pages to name but a few. There are also several chapters devoted to displaying data using ADO.Net which are useful. There's also a good chapter on ASP.NET security. Most if not all of this information is available on the web, however having a single book that covers these topics is well worthwhile - it's a great book to have by your side when you are writing ASP.NET sites.
Professional Active Server Pages 3.0 (Programmer to Programmer)
Alex Homer, David Sussman, Brian Francis, George Reilly, Dino Esposito, Craig McQueen, Simon Robinson, Richard Anderson, Andrea Chiarelli, Chris Blexrud, Bill Kropog, John Schenken, Matthew Gibbs, Dean Sonderegger, and Dan Denault
Manufacturer: Peer Information
ProductGroup: Book
Binding: Paperback
Similar Items:
- Beginning Active Server Pages 3.0
- ASP 3.0 Programmer's Reference
- Beginning ASP Databases
- Designing Active Server Pages
- ASP in a Nutshell, 2nd Edition
ASIN: 1861002610
Amazon.com
The team behind Professional Active Server Pages 2.0 has written a definitive guide for the latest version of ASP included with Windows 2000. This lengthy text offers a comprehensive look at the technology and is geared toward seasoned professionals looking to truly master this important development platform. The team of authors touch on almost every topic a working ASP coder might be interested in, including what to do when "it all goes wrong."
This title is divided into six sections that focus on key aspects of ASP: the basics, ActiveX Data Objects (ADO), building components for ASP, integration with BackOffice, security/performance/scalability, and reference material. This organization makes the book useful for both lengthy reads and quick daily reference. The index and set of appendices are also quite comprehensive.
Code snippets of judicious size and summary boxes with key information such as errors and function calls make the reading productive without being distracting. Most of the material is presented in a structured topical tutorial; however, an excellent XML newspaper case study provides a real-world perspective on XML and ASP.
While a number of working programmers authored this guide, the group's expertise has been well-integrated to read consistently. The team provides some error-preventing programming procedures such as formatting and indenting code, being "Explicit" about declarations, converting variables to the appropriate data types, using good variable naming conventions, encapsulating script, and more. Whether you're looking for information on utilizing components, implementing certificates, or working with Active Directory, you'll find answers in this fine work. --Stephen W. Plain
Topics covered: ASP basics and versions, Active Server Components, ADO, XML data, components, COM/COM+, ASP Script Components, C++ component issues, ADSI and Active Directory, Message Queue Server, Collaboration Data Objects, Exchange Server integration, certificates, performance optimization, site load balancing, and ASP Object Model.
Book Description
This book is about Active Server Pages 3.0, as included with Windows 2000. However, because ASP is now a core part of so many Web-oriented features within Windows, this book covers a far wider area than just how ASP works. ASP is maturing all the time to encompass more integration with other Windows services and software, and so there are many other areas that impinge directly on the use and performance of ASP.
In particular this involves the Windows operating system itself, including the new security features of Windows 2000, and the Internet server software that comes with Windows 2000 - Internet Information Server (IIS). On top of this are the other less obvious services, which also have a direct or indirect effect on the way that ASP works. These include COM+, the various Internet service administration tools, and (indirectly) the many other services and installed software packages that either provide additional functionality to ASP, or which have interfaces that are available for use in ASP.
So, as well as chapters all about the roots of ASP, the base object structure, and how it's used, you'll also see chapters that demonstrate the many different ways that ASP integrates seamlessly with other software and services in Windows. One of the most obvious of these is access to data in a relational database or other type of data store (such as Active Directory), and you'll see several chapters devoted to these topics.
We'll also explore the intimate relationship between Internet Information Server and COM and the new COM+, and see how ASP has changed the way that it hosts and executes external components to provide better performance and scalability. This also affects the way that components are designed and built, and we'll be exploring this topic in some depth as well.
Customer Reviews:
Good for reference, not for studying........2003-12-10
This book covers most of the topics you may need. So, you can use it as a reference on ASP3. But it is not for beginners or for studying from the ground up. It is quite hard to read, not explained in depth, and it made me quite ???.
Need to know ASP? Get this book........2003-08-01
A bit outdated now with .Net, but I still get this ol' book out once in a while.
The BEST book for classical ASP.......2003-04-23
Obsolete??? Hardly. As I write this review, new Web page technologies are being matured: jsp, php, chm (yech). New models are being matured: Servlets, STRUTS, .NET. Classical ASP 3.0 is still quick, fast and necessary for small to medium businesses, even enterprise-level webpages. There's no better book to learn all the standards, applications, basics, and advanced capabilities of ASP than THIS book.
I love Wrox. I started with their Beginning ASP 2.0 book (how I learned). This book, a bit more advanced but in the beginning level, is still all you need to get things going from single tiered applications to multi-tiered, database driven apps. It goes into COM objects and other MS Services like Index. Really a one-stop book.
With this book and Google you have all the reference you need.
Note: ASP 3.0 is in no way, shape, or form similar to ASP.net.
A small, tiny complaint about this book is that it can be a bit wordy...just a tad. And the index in the back could use a bit more improvement. The info's still in there.
Excellent, A True God Send.......2003-04-19
If this book had nothing more than the asptable component in chapter 16, it would still be worth the extremely high price of all wrox press books. But the book has so many useful examples that you can build on.
My only experience has been a few intranets. And I always had bought the beginners series books because I didn't feel I was at the professional level. Well, this book showed me the reason I felt that way was because I didn't know the power of ASP.
If you have been playing around with ASP and really want to move forward, stop playing with the beginners and harness the power of ASP.
good reference book.......2003-02-03
As I go along developing my web app, this book answers most of my questions, for example, how to unload/load your application when you want to unload your dll from the application and vice versa. Before finding the answer in this book, I just rebooted the server. Along the way, it always answers my questions about perplexing problems that I stumble upon, i.e. why isn't my web app preserving the session id.
I have to admit that this is not a book that I would read on spare time. I don't know whether it's the flow of the structure or what. But I always get lost in the "too much" information supplied. Hence I cannot give it 5 stars.
For reference, this is a book to keep if you're developing ASP for one reason; as you become more comfortable with ASP, this book provides answers to your "no-more" beginner questions.
Book Description
In-depth guidance to help professional developers achieve mastery of advanced ASP.NET capabilities. Get the expert insights and pragmatic code examples you need to master the advanced features and capabilities for developing sophisticated Web applications with ASP.NET 2.0.
Customer Reviews:
Not the best for custom controls.......2007-06-19
I bought this book specifically for the 100+ pages on creating custom web controls. That is the only portion of the book that I have used.
The book does not come with a CD for the source code examples, and I have been unable to find them online.
That means I have to type in the examples. I normally don't mind, as it helps me learn. But his sample control, SimpleGaugeBar, has code scattered across two chapters (#13 and 14), all in bits and pieces. The code is intermingled with alternate code examples that (I think) he isn't using in the class, plus code from other classes apparently unrelated to SimpleGaugeBar.
The sample control is also buggy. Of course, it's my guess as to the code that is supposed to be contained in the control, because there is no single definitive listing of the code in the book. I suspect the sample code is simply buggy because the event sequencing the control responds to does not match the way the control was coded.
He separated the creation of the internal list of control objects and the styling code into two routines. That's probably a good idea. But, and this is a killer, if you programmatically change the properties of the control, the internal list of control objects is created *before* the new property value is set, and applies styling after the property is set. This will cause the control to fail, because the styling code will refer to objects that were not created based upon the prior property settings.
The styling code also refers to objects in the internal list of controls by array index number instead of by their id. That's bad form and very prone to error.
I'm not a happy customer.
That said, there is a lot of material on custom controls, and I learned a lot going through it. There are not a lot of resources out there that cover this topic in any depth, and this is one of the few. So, muddled, buggy and disorganized as it is on this topic, I would recommend it (until I found something better).
Broad and deep coverage.......2006-07-10
The two books of this series (Core Reference & Advanced Topics) offer broad and deep coverage of ASP.NET.
All the important topics of ASP.NET web sites are covered in a mostly tutorial with a little reference fashion. The books are well researched. The coverage of what really happens during compilation, request processing, and expression evaluation is excellent. The books avoid being an MSDN rehash. By carefully pointing out which ASP.NET versions support which features, the books will be useful for working with any ASP.NET version. No matter what you're working on you'll find something useful in these books. Note that web services are not covered.
The terms "core reference" and "advanced topics" (which MS press is using on all the non beginner books) make no sense at all with these books. If you're serious, you need both books. Think of them as volumes 1 and 2 of a single book.
I do have some issues with these books. The biggest mistake was recommending the use of GDI+ (through the System.Drawing namespace). This is not supported. The System.Drawing namespace page in MSDN states "Classes within the System.Drawing namespace are not supported for use within a Windows or ASP.NET service. Attempting to use these classes from within one of these application types may produce unexpected problems, such as diminished service performance and run-time exceptions."
I didn't enjoy Dino's writing style. It's verbose (at times), he uses odd words to describe things, and was boring even by tech book standards.
The chapter on configuration was difficult. It would have been better to cover configuration throughout the book, in the context of what was being configured, instead of a single all configuration and only configuration chapter.
The section of asynchronous pages was confusing and didn't really explain why asynchronous pages improve scalability.
Despite my reservations, there is much that's good about these books. Anybody who's serious about ASP.NET should consider getting both of them.
Written by somebody who knows what he is talking about.......2006-06-25
Basics of .net framework is presented in a clear and lucid style. This book is a joy to read and, by the way, there is not much difference content-wise between applied .Net framework programming and this book. My only worry is the speed at which microsoft is pushing .net versions as if there is no tomorrow! [Subsequently the catch up I have to do on reading all this!]
FINALLY a book geared at the experienced developer..........2006-06-02
If you need to do more than just write sample code for tutorials, then this is the book for you. It provides valuable coverage of the ASP.NET landscape. I learned things about web services I never knew I could do with .NET.
Well worth the money if you need to build PRODUCTION READY web services that need to solve real life problems.
A must have.......2006-06-01
This is one of the must-have books for a professional web programmer.
Dino writes clearly how ASP.NET works, specifying the deep details.
Customer Reviews:
Helps children deal with death.......2007-09-01
My eight year old son struggled with the death of an uncle. We found this book at the local library. He read it and then recommended that I read it - "it will help you too, mom." We had to purchase our own copy and got one for our school's guidance office. Great way to remember a loved one and deal with the loss at the same time.
Not a bedtime story...but therapeutic for those who are grieving.......2007-06-07
This book is not meant as a soothing bedtime story. It is a direct, frank look at death and grief, designed for children who are confronting the death of a loved one. I know that some reviewers were disturbed by the fact that this book covers death by suicide and homicide, but from my position providing counseling in schools, I can say that I have found that to be one of the book's assets, as (unfortunately) I counsel kids who have lost loved ones to suicide and homicide. This book is rather long, particularly because it is written in a comic book type format, with many captions and speech bubbles. I would highly suggest that you do NOT try to read the whole book to a child in one sitting. The book is broken up into sections (How Do People Die? Feelings About Death, etc.), and those are good guidelines for starting/stopping. Read one section and talk. Listen. Answer questions. Draw. And let it be. Try another section later. Don't feel that you have to read all of the sections. Just go with what's relevant for your family. I have found that this is a fabulous book to get kids talking. It's non-threatening. They can choose to identify with the dinosaurs in the book or not. Also, Amazon says this is for ages 4-8. I would say that this is not the best book for the younger set (4-5), and I would extend the upper range to 13 (or even older). Young teens like the comic book style, and because the text does not talk down to its readers, they find the content relevant as well.
Doesn't relate to anything real.......2007-03-08
I did not enjoy this book and would not use it in my work.
Very helpful, easy to use only the relevant parts.......2007-01-05
My four year old daughter is grappling with death because the mother of one her friends just died very suddenly. We've found this book to be helpful in making things concrete for her, 4 year olds aren't really into abstractions.
I understand some people's reservations about the section on suicide; since my daughter is still in the early stages of reading we just skip it. I quite liked the idea of introducing the possibility of helping others through organ donation, but that's just me.
I must disagree with the reviewers who criticized the hamster to grandparent progression, it seemed to answer the material issues on something relatively minor (a rodent) before the more frightening death of a grown-up. I certainly was never as upset about a pet hamster of mine dying as I was about a person, so that seems a safe way to get started.
Anyway, our daughter's tendency is to ask a lot of questions, so my wife and I have both been glad to have something that covers the bases and saves us from having to completely wing it (the more usual response!)
Preview first - way too graphic for our family.......2006-10-10
I had intended to use this book to help my 7-year-old but when I previewed it, I found it to be a case of "too much too soon." It appeared the author tried to address every conceivable way a child might encounter death but, for my child, it would have introduced MANY more fears than it alleviated. Many of the illustrations were especially disturbing. Having a child wail "can we keep our house?" as the obituaries float around the picture was too much. Introducing death by substance abuse and suicide was too much. Discussing the donation of eyes to an eye bank or having the word "autopsy" in the glossary was too much. For young children facing death and the grief process for the first time, I would use extreme caution if considering this book. My child would have had nightmares for ages.
Book Description
Written and illustrated by the creators of the popular Dino Life Guides for Families, this book uses precise language and humorous illustrations to offer specific ways to be a friend and specific ways not to be one. A special section on how to deal with bosses and bullies has valuable information for young children going forth in the world and encountering these situations for the first time.
Customer Reviews:
This book has taught us a lot!.......2007-07-13
I bought a bunch of books for my 4 year old son when I learned he was teasing the other kids at his preschool. This was one of them. He loves this book, and I notice that he has gotten so much better playing with other children since we started reading this book.
It has been so effective that I simply say "Jimmy, is that how you be a good friend?" when I feel he is being unkind, and he will answer me, using "good friend" examples from the book, and immediately change his behavior. He also tells other children how they can be "good Friends" too.
Unfortunately, as he nears the age of being a "tattle tale", he is very quick to point out when other children aren't being "good friends" and tells them "You need to read Mommy's book." LOL
I highly recommend to any parent.
Great book for Kids.......2007-02-22
I enjoyed the book. It will help my students become better friends with personal ideas and reasons.
GREAT!.......2007-01-10
Reinforces the criteria and requirements that kids need to know to be a "GOOD" friend in easy to understand examples.
A fun read!.......2007-01-04
I bought this book to find out how to help my 10 year old with some basic friendship issues. This book was VERY basic and geared for a younger child, but I feel that it is a great book for any parent. My daughter read it also and said that she thought it was very helpful, but a little too "kiddy" for her taste.
Kid's Review.......2006-10-19
I actually give this book four and half stars. I liked it a lot and it had lots of good advice about how to be a good friend. It described how I feel when I feel shy. I am five and almost three quarters and my sister who is two liked it also.
Jacob (with help from his mom)
Book Description
“Risk-based security testing, the important subject of this book, is one of seven software security touchpoints introduced in my book, Software Security: Building Security In. This book takes the basic idea several steps forward. Written by masters of software exploit, this book describes in very basic terms how security testing differs from standard software testing as practiced by QA groups everywhere. It unifies in one place ideas from Michael Howard, David Litchfield, Greg Hoglund, and me into a concise introductory package. Improve your security testing by reading this book today.”
– Gary McGraw, Ph.D., CTO, Cigital; Author, Software Security, Exploiting Software, Building Secure Software, and Software Fault Injection; www.cigital.com/~gem
“As 2006 closes out, we will see over 5,000 software vulnerabilities announced to the public. Many of these vulnerabilities were, or will be, found in enterprise applications from companies who are staffed with large, professional, QA teams. How then can it be that these flaws consistently continue to escape even well-structured diligent testing? The answer, in part, is that testing still by and large only scratches the surface when validating the presence of security flaws. Books such as this hopefully will start to bring a more thorough level of understanding to the arena of security testing and make us all a little safer over time.”
– Alfred Huger, Senior Director, Development, Symantec Corporation
“Software security testing may indeed be an art, but this book provides the paint-by-numbers to perform good, solid, and appropriately destructive security testing: proof that an ounce of creative destruction is worth a pound of patching later. If understanding how software can be broken is step one in every programmers’ twelve-step program to defensible, secure, robust software, then knowledgeable security testing comprises at least steps two through six.”
– Mary Ann Davidson, Chief Security Officer, Oracle
“Over the past few years, several excellent books have come out teaching developers how to write more secure software by describing common security failure patterns. However, none of these books have targeted the tester whose job it is to find the security problems before they make it out of the R&D lab and into customer hands. Into this void comes The Art of Software Security Testing: Identifying Software Security Flaws. The authors, all of whom have extensive experience in security testing, explain how to use free tools to find the problems in software, giving plenty of examples of what a software flaw looks like when it shows up in the test tool. The reader learns why security flaws are different from other types of bugs (we want to know not only that ‘the program does what it’s supposed to,’ but also that ‘the program doesn’t do that which it’s not supposed to’), and how to use the tools to find them. Examples are primarily based on C code, but some description of Java, C#, and scripting languages help for those environments. The authors cover both Windows and UNIX-based test tools, with plenty of screenshots to see what to expect. Anyone who’s doing QA testing on software should read this book, whether as a refresher for finding security problems, or as a starting point for QA people who have focused on testing functionality.”
– Jeremy Epstein, WebMethods
State-of-the-Art Software Security Testing: Expert, Up to Date, and Comprehensive
The Art of Software Security Testing delivers in-depth, up-to-date, battle-tested techniques for anticipating and identifying software security problems before the “bad guys” do.
Drawing on decades of experience in application and penetration testing, this book’s authors can help you transform your approach from mere “verification” to proactive “attack.” The authors begin by systematically reviewing the design and coding vulnerabilities that can arise in software, and offering realistic guidance in avoiding them. Next, they show you ways to customize software debugging tools to test the unique aspects of any program and then analyze the results to identify exploitable vulnerabilities.
Coverage includes
- Tips on how to think the way software attackers think to strengthen your defense strategy
- Cost-effectively integrating security testing into your development lifecycle
- Using threat modeling to prioritize testing based on your top areas of risk
- Building testing labs for performing white-, grey-, and black-box software testing
- Choosing and using the right tools for each testing project
- Executing today’s leading attacks, from fault injection to buffer overflows
- Determining which flaws are most likely to be exploited by real-world attackers
This book is indispensable for every technical professional responsible for software security: testers, QA specialists, security professionals, developers, and more. For IT managers and leaders, it offers a proven blueprint for implementing effective security testing or strengthening existing processes.
Foreword
Preface
Acknowledgments
About the Authors
Part I: Introduction
Chapter 1: Case Your Own Joint: A Paradigm Shift from Traditional Software Testing
Chapter 2: How Vulnerabilities Get Into All Software
Chapter 3: The Secure Software Development Lifecycle
Chapter 4: Risk-Based Security Testing: Prioritizing Security Testing with Threat Modeling
Chapter 5: Shades of Analysis: White, Gray, and Black Box Testing
Part II: Performing the Attacks
Chapter 6: Generic Network Fault Injection
Chapter 7: Web Applications: Session Attacks
Chapter 8: Web Applications: Common Issues
Chapter 9: Web Proxies: Using WebScarab
Chapter 10: Implementing a Custom Fuzz Utility
Chapter 11: Local Fault Injection
Part III: Analysis
Chapter 12: Determining Exploitability
Index
Customer Reviews:
Highly recommended primer.......2007-08-19
This review refers to the 2007 edition of "The Art of Software Security Testing" by Wysopal, Nelson, Zovi, & Dustin.
I highly recommend this as a primer for anyone interested in software security testing.
First, it is up-to-date. In a very useful discussion the book points out that the nature of attacks and attackers have changed considerably in recent years. Methods for protecting oneself must change accordingly.
The book is brief, comprehensive, and generally well written. One finds a goodly amount of practical information to get started. More importantly, one gets a broad understanding of the primary areas of interest acting as a guide for further study.
Everything is touched upon in sufficient detail for a book of this type. Part I covers the genesis of security defects, the Secure Software Development Lifecycle (SSDL), and Threat Modeling. Part II covers common types of attacks and how to test for them, including Network Fault Injection, Web Application Session Attacks, and SQL Injection. Part III covers stack and heap overflows and how to assess their exploitability.
Many of the topics covered deserve volumes of their own such as Threat Modeling (Microsoft Professional), Exploiting Software: How to Break Code (Addison-Wesley Software Security Series), and The Security Development Lifecycle. But this book will give you the lay of the land and enough knowledge to get started on security testing right away.
The book misses 5 stars because it becomes difficult to follow in places. The book attempts to cover both Windows and UNIX/Linux systems, and occasionally confuses the two, at least in the mind of the reader. One example is the section on "Port Discovery" where the authors discuss similar and completely different UNIX and Windows tools in a confusing interleaved fashion. It would have been wiser to separate the discussion of Windows and UNIX systems into discrete sections.
That said, I highly recommend the book as a primer on security testing for its coverage, brevity, and up-to-date information.
Excellent for Managers/Executives or Techies New to Security.......2007-08-19
I had a need to learn about software security and performed Internet research to see what resources were available. A review somewhere on the Internet about this book stated it was an excellent reference to learn the basics. I placed my order at Amazon as their pricing was outstanding.
If you need to learn the basics ASAP then this book is as good as it gets. It's great for managers and techies alike.
Highly recommended.
Introductory for the inexperienced, by the inexperienced.......2007-08-01
This is a highly illustrated book on using tools, hacks, and simple techniques to do the most rudimentary of analysis and testing, such as inspecting process listings, netstat output, using sysinternals utilities, and click-and-go fuzzers/testers. This is basically a phonebook of utilities and tools that other people write, and where to find the 'Go' button on each one, complete with full-page screenshots that serve to distract from poor authoring.
The authors' commentary on the inner workings of other people's tools or program output lacks any insight. Their analysis of program output either demonstrates the lack of understanding the authors have about the machine level significance of the topic, or the insulting way in which they spare you such (highly critical) details.
This book is for pointy-haired security 'professionals' or project managers who 'Never got around to learning C (in 21 days)'. If you are so much as a novice college comp sci student with at least one language under your belt, this book is most likely below you.
I give it 3 stars, however, because this book does have a large audience, and serves it well. There is a lot of money still yet to be made in the computer security field for selling snake-oil solutions and powerpoint-sprinkled application audits.
There is probably a very difficult route to be introduced into software and systems manipulation and analysis, involving a thorough education on the C language, machine architecture, and program disassembly. There is also probably a very easy route to achieve the same end-goal of working in the computer security field. This is where this book has its position as an intermediate step of the world of "for dummies" and "21 days" books.
I purchased this book because I was so highly impressed with the quality of AW published books on this field, such as The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities. Also, the Amazon ratings up until now are very high. I made a quick buying decision, and my pocket book aches for it. This book should have been published by a second-rate publisher like Syngress, not AW!
Great resource for software testers interested in security.......2007-02-09
"The Art of Software Security Testing" is the first security testing book I read that includes a reputable software tester (Elfriede Dustin) among its authors. This should lend the book instant credibility with its main target audience: testers and QA engineers. The security proficient readers will be happy to know that the main author is Chris Wysopal, one of the members of the famous L0pht Heavy Industries security research group who testified before the US Senate that it is possible and indeed within their power to "take down the Internet in 30 minutes".
Most security testing books adopt a black-box approach, detailing security assessment and penetration testing techniques that view the "victim" -- be it a device, an operating system or an application -- as an unknown quantity (or should I say quality, since we're talking about testing) that is probed and attacked from the outside in. A few books adopt a white-box approach, teaching code inspection and secure coding techniques, viewing the software from the inside out. "The Art of Software Security Testing" is a fortunate blend of the two approaches, teaching its readers how to conduct what is called "gray-box testing", which is of course what you get when you combine black and white.
When it comes to assessing the security of an application, testers have one important advantage over outside attackers: they can collaborate with the designers and developers of the application and get an insider view of what the book repeatedly refers to as "the attack surface", basically the list of all the inputs and resources used by the program under test. Armed with this knowledge, testers can then apply a wealth of techniques that attempt to break the security of the application, and that can be summarized in two words: fault injection. Indeed, the bulk of the book is devoted to the presentation of techniques and tools that assist testers as they try to make the application fail by feeding it various types of inputs (hence the term fault injection). These inputs range from carefully crafted strings used in SQL Injection attacks, to random byte changes in given input files, to random strings fed as command line arguments. Two important classes of fault injection tools discussed throughout the book are proxies (such as WebScarab) which allow the attacker to intercept and modify traffic to and from the application under test, and fuzzers (such as CLI Fuzz) which allow the attacker to inject random inputs into the application. As an aside, I liked the fact that the authors discuss mostly freely available Open Source tools.
If you are a tester trying to assess the security of an application, a developer trying to improve the security of your code, or even if you are a seasoned security practitioner trying to learn new ways to attack software, this book is for you. I, as a tester, found valuable advice right in Chapter 1: act as a detective by applying the fault injection model, think as an attacker, prioritize your work via threat modeling, and rely heavily on automated tools. All this and more in a fairly slim book, whose size and weight make it inappropriate for a door stop -- a use I have been tempted to give to many oversized security books.
Book for All Software Professionals.......2006-12-07
This book should be read by everyone in a position of responsibility for developing, testing and/or implementing a software application.
The paradigm shift in thinking outlined in The Art of Software Security Testing has been needed in the application security area for some time. This shift includes a focus on disciplined approaches to performing security requirements definition, secure software development and responsive security testing, where the greatest vulnerabilities exist.
Instead of security C&A teams preparing documents and checking boxes, a leadership role is needed within organizations to modify application development with an emphasis on security throughout the software development lifecycle from security requirements definition through structured security testing.
Finally a book that effectively articulates the actions we all need to perform for securing applications and building secure applications. This book is written at the right technical level and provides guidance to industry and government professionals who must deliver real projects under considerable schedule pressure.
Jeff Rashka
Director of Applications
US Federal Highway Administration
Average customer rating:
- Excellent. Don't listen to the whiners
- Intermediate or Not ...
- not a good book for beginner
- Not Good!
- If you're writing an MS Book you should use their product.
Programming Microsoft ASP.NET
Dino Esposito
Manufacturer: Microsoft Press
ProductGroup: Book
Binding: Hardcover
Similar Items:
- Building Web Solutions with ASP.NET and ADO.NET
- Microsoft ASP.NET Programming with Microsoft Visual C# .NET Version 2003 Step By Step
- Microsoft ADO.NET (Core Reference)
- Introducing ASP.NET 2.0
- Programming Microsoft .NET XML Web Services (Pro-Developer)
ASIN: 0735619034
Book Description
More advanced than many other books on the subject, this title uses a task-based approach to craft a balanced presentation of the inner workings of ASP.NET technology and to provide extensive hands-on code examples. Programmers can plug these code examples into their own projects to learn the ins and outs of the technology and to build and deploy ready-made solutions quickly, making it the ideal comprehensive resource for developers who want to learn ASP.NET and start building ASP.NET-based applications right away.
Customer Reviews:
Excellent. Don't listen to the whiners.......2006-03-31
This book is an excellent buy. He goes over everything in detail.
The code samples aren't all there, but if you're buying a book for code samples, surf the web and save your money.
He beautifully describes every single aspect of .NET. Anyone who says that book is anything less than excellent needs their head examined.
If you need code, write it yourself and use the book as a guide. The way computer books are intended.
Nick
Intermediate or Not ..........2005-11-10
Look, I've been programming for 20 years now, and I have read my fair share of books on the topics. ASP.NET is a new environment to me, but it's not foreign. I understand the concepts and I understand OOP.
My gripe with this book is this, his code samples on page 800 reference code written on page 400, which means you have to read all 1100+ pages to understand what he's talking about at any given point. You can't just flip open to a section on the topic you want and read.
Additionally, the title of the book is "Programming Microsoft ASP.NET" and it contains over 1100 pages. I would think that some portion of that would be dedicated to developing web applications.
To be fair, he does offer some insight on the topics of IIS, security, server processes, XML, the file system, extending controls, mobile compatibility, etc. etc.
But, he simply dances around the things that are really core to developing a web based application. His primary focus is on presenting data, without presenting ways to interact with it. Just being able to present data, without the ability to interact with it is not an application, it's a brochure.
not a good book for beginner.......2005-09-29
If you are new to ASP.NET, this is not a good book for you. I don't understand why the author did not have the actual code in the download samples. If he doesn't want to share his code, why bother to write the book? We the beginners need to have the actual code to play with, not just read the examples!!!
Not Good!.......2005-07-18
Just plain horrible. You'll find some code.... after flipping 40 pages or so.
If you're writing an MS Book you should use their product........2005-06-29
I was hoping for something more along the line of Murach's ASP.NET with VB.NET where the examples are done using the IDE. That's why I never cared too much for Petzold, except in the very beginning when all there was was Quick C for Windows. Murach's C# book is great if you just want to do Windows apps, but they do not cover ASP.NET using the language. I'm really sorry I spent the money on this book.
It seems crazy to resort to what could be line edited code when you have a very powerful tool.
Book Description
XML is buried everywhere in the Microsoft .NET Framework, but effective XML parsing and coding in .NET requires adjustment. This book describes the set of XML core classes in .NET, introduces the .NET XML parsing model and how to program against it, and discusses XML readers and writers and XMLDOM. It examines related technologies such as schemas, transformations, and XPath, and it discusses data issues such as synchronization and serialization, the DiffGram format, and the XML extensions in Microsoft SQL Server 2000. This Microsoft Press title also reveals how to get the best performance from XML with .NET, and it offers in-depth information on interoperability topics such as when to use XML Web services and when to use remoting.
Customer Reviews:
Great VS2003 Book.......2007-03-25
Dino does a great job on this book. It is a great reference on how Microsoft handles and processes XML.
This book has only one drawback: it is outdated, as it refers to Visual Studio 2003 and many things in Visual Studio 2005 have been changed or are outdated.
Hope they publish soon a book that is more up to date.
For Advanced readers only.......2005-04-14
I am a proficient MSXML coder but I can't get what I want (knowledge about .Net XML programming objects) from this book because the author habitually relies on advanced concepts from related technologies to explain things. So unless you are a pretty competent .Net programmer and already proficient in ADO.Net/ADO you will struggle to understand this book and struggle to understand the significance of what you are being told and why. I gave up and resorted to looking for articles on MSDN. Undoubtedly there is good stuff here but Mr Esposito writes as an extremely knowledgeable person for the already extremely knowledgeable person only.
stop punishing yourself with MSDN.......2005-01-11
Dino tells all in this superb and in depth look at XML on Microsoft's .NET platform. The book is well organized, starting at the fundamental classes and then branching out to the high abstraction level .NET classes and other Microsoft products such as SQL Server 2000 and Internet Explorer.
As an example of why this book is so wonderful, there have been several situations where I needed to do something in XSLT that just didn't seem practical (maybe not even doable). The section on how to use standard .NET languages such as C# from XSLT is itself worth the price of admission.
Keep in mind that readers are expected to have a good grasp of XML; the book is a .NET book.
*THE* XML book for .NET.......2004-06-28
Dino Esposito has total, absolute command of the subject matter that he expertly teaches in this book. This is a template for how all technical training books should be written. I wanted in-depth coverage of the XML object library in .NET and that is exactly what this book delivers. This is THE book on XML in .NET. Don't waste your money on anything else.
It is also terrific supplemental material for the Developing XML Web Services and Server Components certification exam. I recommend Mike Gunderloy's book as an all-encompassing source (look up my review for that book); however, I recommend reading the first four chapters of this book before you start Gunderloy's book if you don't have much experience reading and writing XML in .NET. Chapters 12 and 13 on remoting and web services, respectively, are also great sources of exam prep material. In fact, Chapter 12 on .NET Remoting is the best chapter on the subject you will find anywhere.
Terry, MCAD and MCSD for Microsoft .NET
Guru's Guide to XML Programming.......2003-12-31
Gr8 book if you need assistance with xml programming and also helps in using all methods of reading, writing and using xml. Dino! High five.
Average customer rating:
- For Advanced users
- Disjointed, Inarticulate, Incomplete
- Warning-Expert book, No VB.NET code, all C#
- This book deserves 6 stars !
- Extremely good book for Intermediate to Advanced readers
Building Web Solutions with ASP.NET and ADO.NET
Dino Esposito (Wintellect)
Manufacturer: Microsoft Press
ProductGroup: Book
Binding: Paperback
Similar Items:
- Programming Microsoft ASP.NET
- Web Database Development Step by Step .NET Edition
- Microsoft ASP.NET Programming with Microsoft Visual C# .NET Version 2003 Step By Step
- Microsoft ADO.NET Step by Step
- Designing Microsoft® ASP.NET Applications
ASIN: 0735615780
Book Description
Most Web applications follow a simple "3F" pattern: fetch, format, and forward data to the browser. With this in-depth guide, developers can take their Web design and programming skills to the next level to build more complex Web pages, applications, and services. The book demonstrates the advanced data-access capabilities of ADO.NET and the powerful page-creation capabilities of ASP.NET, plus how to employ code reusability, pagelets, code-behind, server-side controls, and other time-saving techniques.
Customer Reviews:
For Advanced users.......2005-09-26
If you are looking for a beginner's book, this is not for you. This is for intermediate to advanced level users. The text is explained very well - gives you a feeling that the author not only knows the subject but also knows how to teach it, which is what you want in a book.
Disjointed, Inarticulate, Incomplete.......2005-08-12
It's pretty clear that the author (Dino Esposito) knows the subject--he just can't seem to put it down on paper.
He has the habit of raising a question at the beginning of a paragraph, working his way around it for several semi-relevant sentences before finally saying what he means. It always left me thinking, "For Pete's sake, if that's what you wanted to say, then why didn't you just say it?" Or worse yet, he'll just meander off without ever really resolving the question at hand.
There are some good ideas in the book. In fact, it's really more of a loosely organized collection of things you can do with ASP.NET and ADO.NET. Unfortunately there are few concrete examples so you are going to need another book if you want more than an overview of developing .NET web apps. The book could more accurately be titled, "Some things you could do with ASP.NET and ADO.NET if you had a good book to work with". But this isn't it. Sigh.
And a little pet peeve for books from Microsoft Press: OK, you don't have to focus on non-MS technology, but geeze, don't pretend they don't exist. The chapter on "Interoperability" discussed *only* COM/ADO.
So, keep looking if you are really interested in "Building Web Solutions with ASP.NET and ADO.NET."
Warning-Expert book, No VB.NET code, all C#.......2004-02-12
This is not an intermediate book:
The author knows what he is talking about. Perhaps he made it overly complex; he goes into great detail and some of it is overkill. I started reading it and I knew that I needed to get another book that simplifies some of the subjects and I would use this book when I need to get to the gritty details. I was rather disappointed that there was no Visual Basic .NET code. The author clearly is a C# expert. I may change my review once I read the whole book; I am sure I will appreciate his thoroughness once I have a grasp of ASP.NET.
This book deserves 6 stars !.......2004-02-09
In depth discussion on most important features of ADO.NET and ASP.NET. Buy it and enjoy it if you are a professional developer. Don't buy it if you don't know anything.
It's a shame to give this book less than 5 stars.
Extremely good book for Intermediate to Advanced readers.......2004-01-07
This is quite a good book on real techniques to solve real problems. It's still going to be useful if you use third-party controls and frameworks for your development; you will still find valuable information inside. I wouldn't recommend it for the very beginner that wants a Learn-This-In-1-Hour book (and keep yourself in the ignorance :-)).
For anybody else with a certain degree of familiarity with the .Net environment, the book is going to be extremely useful.
Customer Reviews:
Simply the best.......2005-11-14
Simply the best textbook on software engineering. Concise content and extensive coverage of most conventional SE topics. For students and practitioners who are interested in learning more than drawing simplistic diagrams.
Timeless.......2003-11-27
I bought my first copy of this text in 1992 and it has been my constant companion and mentor ever since. From my early Pascal days in college to J2EE development in present times, I have always found the authors' treatment of the discipline of software engineering to be concise, accurate and relevant to the issues at hand. It is one of those books that code shovellers hate...an uncompromising publication that addresses serious process issues such as requirements specification, rigour, interface design and modularity, and robustness. These matters just refuse to go away, and the authors of this book know it. This book is timeless.
Good.......1997-11-05
This book is overall close to very good. Some confusing things are the unclear differences between the USE-relationship and other relationships. I will probably include more comments in the future.