Posted by Nguyễn Hùng Cường on May 20th, 2008

Software that is developed from the beginning with security in mind will resist, tolerate, and recover from attacks more effectively than would otherwise be possible. While there may be no silver bullet for security, there are practices that project managers will find beneficial. With this management guide, you can select from a number of sound practices likely to increase the security and dependability of your software, both during its development and subsequently in its operation. Software Security Engineering draws extensively on the systematic approach developed for the Build Security In (BSI) Web site. Sponsored by the Department of Homeland Security Software Assurance Program, the BSI site offers a host of tools, guidelines, rules, principles, and other resources to help project managers address security issues in every phase of the software development life cycle (SDLC). The book’s expert authors, themselves frequent contributors to the BSI site, represent two well-known resources in the security world: the CERT Program at the Software Engineering Institute (SEI) and Cigital, Inc., a consulting firm specializing in software security.
This book will help you understand why:
* Software security is about more than just eliminating vulnerabilities and conducting penetration tests
* Network security mechanisms and IT infrastructure security services do not sufficiently protect application software from security risks
* Software security initiatives should follow a risk-management approach to identify priorities and to define what is “good enough”–understanding that software security risks will change throughout the SDLC
* Project managers and software engineers need to learn to think like an attacker in order to address the range of functions that software should not do, and how software can better resist, tolerate, and recover when under attack.
Edit 2008/08/30 by Mr.NanhTrang: Remove Download Link.
Posted by Nguyễn Hùng Cường on April 28th, 2008

If you think you’re well versed in ASP.NET, think again. This exceptional guide gives you a master class in site building with this framework. You learn how to develop rock-solid web portal applications similar to My Yahoo!, iGoogle, and Pageflakes using ASP.NET AJAX, Windows Workflow Foundation, LINQ, and .NET 3.5, along with ASP.NET 3.5 — sites that can withstand millions of hits every day while surviving scalability and security pressures. If you think you’re well versed in ASP.NET, think again. This exceptional guide gives you a master class in site building with ASP.NET 3.5 and other cutting-edge Microsoft technologies. You learn how to develop rock-solid web portal applications that can withstand millions of hits every day while surviving scalability and security pressures — not just for mass-consumer homepages, but also for dashboards that deliver powerful content aggregation for enterprises.
Written by Omar AL Zabir, co-founder and CTO of Pageflakes, Building a Web 2.0 Portal with ASP.NET 3.5 demonstrates how to develop portals similar to My Yahoo!, iGoogle, and Pageflakes using ASP.NET 3.5, ASP.NET AJAX, Windows Workflow Foundation, LINQ and .NET 3.5. Through the course of the book, AL Zabir builds an open source Ajax-enabled portal prototype (available online at www.dropthings.com), and walks you through the design and architectural challenges, advanced Ajax concepts, performance optimization techniques, and server-side scalability problems involved.
Posted by Nguyễn Hùng Cường on February 15th, 2008

This book contains enough detailed information to be useful not only to the intermediate-level programmer, but to advanced programmers as well. While prior knowledge of network programming is not assumed, beginners may find it difficult to work through some of the concepts presented.
- Chapter 1 of the book deals almost exclusively with a treatment of the basic networking concepts and protocols - the physical network topology, ethernet, routing, gateways, OSI, and TCP/IP, UDP, the IP addressing scheme, subnets, ports, FTP, HTTP, sockets, DNS, proxies, etc.
- Chapter 2 jumps right into the fire with an extensive treatise on streams in .NET, both synchronous and asynchronous, FileStream, BufferedStream, MemoryStream, NetworkStream, and CryptoStream. It covers all the Stream Members and Properties, reading and writing, Async callback delegates, stream manipulation, and finally, serialization and formatters.
- Chapter 3 reviews the System.Net classes - name lookup, IP addresses, Request and Response, Authentication and Authorization, Connection Management, cookies, proxy servers, sockets, URIs, WebRequest / Response, connection pooling and permissions.
- Chapter 4 continues to expand with reasonably extensive coverage of sockets - stream, datagram and raw sockets, ports, asynchronous socket programming, and socket permissions with both declarative and imperative security illustrations. About the only glaring omission I noticed was the absolute nonexistence - throughout the book - of any treatment of the Threadpool class.
- Chapter 5 bears down on the TCP protocol, its terminology, connections, flow control, MUX, and TCPClient. There is also some coverage of SMTP and FTP including a pretty good example of how to implement your own FTPClient. The chapter concludes with a discussion of the TCPListener class and a short bit (very short!) about Remoting.
- Chapter 6 is unique in that it is the first time I’ve ever seen an entire book chapter devoted to UDP - and the coverage is excellent.
- Chapter 7 continues this discussion and delves into multicast sockets.
- Chapter 8 is a fairly extensive in-depth treatment of the HTTP protocol and the related .NET classes, including chunking and the WebClient class. It also discusses how to perform authentication with WebClient and how to handle cookies and proxy support. The chapter concludes with a sample of a 100% managed-code HTTP server.
- Chapter 9 goes into the EMail protocols SMTP, POP, MIME, System.Web.Mail, NNTP, all of the commands for each protocol.
- Finally, Chapter 10 covers cryptography, and is sufficient to give most developers a good start into the symmetric and asymmetric algorithms along with digital signature and how it works.
- Chapter 11 is a short chapter that covers the various authentication protocols.
Posted by Nguyễn Hùng Cường on February 14th, 2008

Design Patterns: Elements of Reusable Object-Oriented Software (Addison-Wesley Professional Computing Series)
- Author: Erich Gamma / Richard Helm / Ralph Johnson / John Vlissides
- Publisher: Addison-Wesley Professional
- Edition: 1st edition (January 15, 1995)
- Language: English
Design Patterns is a modern classic in the literature of object-oriented development, offering timeless and elegant solutions to common problems in software design. It describes patterns for managing object creation, composing objects into larger structures, and coordinating control flow between objects. The book provides numerous examples where using composition rather than inheritance can improve the reusability and flexibility of code.
Posted by Nguyễn Hùng Cường on February 14th, 2008

LINQ is the project name for a set of extensions to the .NET Framework that provide a generic approach to querying data from different data sources. LINQ will premiere in Visual Studio 2008, and will become the next must-have skill for .NET developers. For more information about LINQ, you can check out the author’s portal at www.linqdev.com.
Pro LINQ: Language Integrated Query in C# 2008 is all about code.
Literally, this book starts with code and ends with code. In most books, the author shows the simplest example demonstrating how to use a method, but they so rarely show how to use the more complex prototypes. Pro LINQ: Language Integrated Query in C# 2008 is different. Demonstrating the overwhelming majority of LINQ operators and prototypes, it is a veritable treasury of LINQ examples.