Location: Home » Software Design, Testing & Engineering » .NET Security

.NET Security

Authors: Jason Bock, Tom Fischer, Nathan Smith, Pete Stromquist
Publisher: Apress
Category: Book

List Price: ~~$44.95~~
Buy Used: $0.87
as of 7/30/2010 09:15 CDT details
You Save: $44.08 (98%)

New (22) Used (16) from $0.87

Seller: owlsbooks
Rating: 4.0 out of 5 stars

4 reviews

Media: Paperback
Edition: 1
Pages: 310
Number Of Items: 1
Shipping Weight (lbs): 1.5
Dimensions (in): 9.1 x 7.3 x 0.8

ISBN: 1590590538
Dewey Decimal Number: 005.8
UPC: 689253155387
EAN: 9781590590539

Availability: Usually ships in 1-2 business days

Also Available In:

•	Kindle Edition - .NET Security
•	Paperback - NET Security

Similar Items:

.NET Development Security Solutions

Programming .NET Security

Programming Entity Framework

Microsoft SQL Server 2008 Reporting Services

Expert One-on-One Visual Basic 2005 Database Programming

Editorial Reviews:

Product Description

When you use .NET to create client-and server-side applications, you have to address a new and large set of security issues. .NET Security shows you what you need to know by covering different aspects of the .NET security model through detailed discussions about the key namespaces. The authors demonstrate how to write .NET code to create secure systems within the .NET Framework. They also discuss possible break-ins to the security model in .NET&emdash;and how .NET prevents such intrusions.

This tutorial explains how to use the .NET security and cryptographic classes, and functions as a reference manual for developers seeking to understand security implementation in the .NET Framework. Additionally, the .NET Framework requires understanding in many new areas like managed code, permissions, and evidence&emdash;all of which this dynamic book covers.

Customer Reviews:
5 out of 5 stars

A Good Starting Book November 17, 2002
5 out of 5 found this review helpful

This is a very good book for anyone new to .NET and or security. The .NET documentation is missing in several areaas and this book helps fill in the gaps that the docs have in security. But this book IS NOT a regurgitation of what I can find in the docs. It is new material

The first couple of chapters make it very clear how to do encryption with .NET. This is the first time I have seen an explanation for what the IV key is for in the encryption algorithms.

I was pleasantly surprised to see the discussion in chapter 3 about XML encryption. The standards for this are just coming into scope and this chapter does a nice job of describing what is happening in this space.

Code access security is a tught topic to cover in a short chaptyer but the authors do a good job. Again, there is a lot of hype about code access security but you have to look hard to find any real information about it. While I don't have to worry about this right now, this chapter gave me a good understanding of what is possible and how to do it.

I also found the last chapters on remoting and ASP.NET interesting and learned a few things in each chaptyer.

Is this book a 'cover everything including the kitchen sink' refernce? No. But it is a very good book for anyone who wants a good, solid introduction to the capabilities of .NET security and cryptography. And for me, that is important! Give me information that I can use and work with now. Not more reference material that I need to digest and sort through.

5 out of 5 stars A Comprehensive and Compact book November 1, 2002
Jehangir Abdulla
3 out of 4 found this review helpful

.NET Security( http://www.amazon.com/exec/obidos/ASIN/1590590538/ ), by
Jason Bock, Pete Stromquist, Tom Fischer, Nathan Smith, is a very good
Intermediate level book. They have touched upon all of the topics of
interest when it comes to security in the .NET Framework going into fair
amount of details whenever necessary.

First chapter starts off with a introduction to Cryptography, good for
someone who is just starting off learning about cryptography, a good
refresher for others who already know about the basics of cryptography.
Second chapter then goes on to talk about how the various cryptography
classes have been implemented in the .NET framework and how they can be
used. They talk about both symmetric and asymetric algorithms, Random Number
Generation, Hashing etc. They even mention Salting, something that's not
very well documented.
Third chapter talks about Xml Encryption and including Digital Signatures in
Xml Documents, this specification was so new when .NET came out that I was
surprised to see the Xml Signature implementation in the System.Security
namespace, the downside though as a result was very little documentation,
not any more though, the third chapter talks about everything one needs to
know about Xml Encryption and Signatures in detail.
The fourth chapters goes into a good amount of detail on Code Access
Security. The authors show a good mix of managing security using both code
and also using the Control Panel utilities. They go on to write and deploy
their
own permission class.
The rest of the book talks about Security when using Remoting and also Role
Based Security, in short they talk about
security considerations in every kind of scenario. The chapters on ASP.NET
security and MS Passport were not that useful to me though since those
topics have pretty much been beaten to death by every ASP.NET book out
there. Oh yes the last chapter on the risks of decompiling .NET assemblies
and suggestions on how to mitigate that was a good read.
APress seems to have developed a knack for publishing books that are thin
and to the point, this one is no exception, I'd give this book an 8 on 10. I
would've given it a higher rating if it would've talked about the
AllowPartiallyTrustedCallersAttribute, I think a discussion of CAS is
incomplete without the mention of this attribute.

Other books out there that cover Security in .NET are the following
1. .NET Framework Security(

http://www.amazon.com/exec/obidos/ASIN/067232184X/ ). I saw the table of
contents for this book, it pretty much covered everything this book covers,
this book was a whole lot thicker though, so I did thumb thru it at [a local store], thought the first 3 chapters or so were useless as they talked about
security risks, thought that was pointless since I know pretty much what the
risks are hence I am reading about security :), thought the .NET Security book by APress book
covered pretty much everything that this book has and in a more concise way...

3 out of 5 stars A terse introduction only... October 22, 2002
Robert M. Downey (Cambridge, MA United States)
2 out of 7 found this review helpful

I bought this book in hopes it would add to the excellent information in the book ".NET Framework Security".

Alas, the book's various topics are only given lip service.

If you're looking for a hard core analysis of code access security, only buy this as a secondary reference.

2 out of 5 stars Unfortunately, only good for a solid overview September 16, 2003
0 out of 2 found this review helpful

It covered all the topics you would expect, but it is mostly a just a good overview of .NET security. I expected more in-depth coverage for a book titled as such. It has only a very brief overview of encryption algorithms without enough real world examples in my opinion, being an advanced .NET programmer but new to the issue of security.

The book is actually quite thin compared to its competition, so that should have tipped me off. You could go through it in a couple of days, but the price doesn't reflect that. I was really impressed with the .NET Programming with C# book from the same (small) publisher, so I was really hoping for a lot more. Consider the table of contents and decide for yourself whether this books warrants a purchase. It's a reasonably new topic of course so there are only a few other choices out there right now.