关于.NET安全编程的书籍
2004-07-08 11:00
465 查看
http://www.blogcn.com/user8/flier_lu/index.html?id=1603607&run=.0F06293
随着应用安全性逐渐受到重视,这方面的书籍也越来越多,刚刚整理了一下自己手头关于.NET安全编程方面的书,发现有几本还是很不错的,顺便推荐一把。
O'Reilly 的书始终是有品质保障的,Programming .NET Security也非常不错,amazon上4.5星评价。虽然从销售量来看好像不如其他几本,但从我购买的十几本 O'Reilly 书籍的平均水平来看,肯定还是值得一读的。
从内容上,全书700多页分为5部分,原理、安全、加密、框架和手册,覆盖面还是很全的,而且结构设置比较合理,有大局观,比较适合开发人员阅读、查阅。
Addison Wesley出版的.NET Framework Security 则并不仅仅面向开发人员,因此从原理到配置到编程都有提及,而且有一些其他书籍没有提及的特色章节,例如讨论了Hosting Managed Code时的安全问题等等。Amazon上4星评价,销量是最大的。
Sybex的.NET Development Security Solutions相对来说平和一些,没有太多可圈可点之处,但也算中规中矩。不过好处是有电子工业出版社翻译的中文版《.NET开发安全解决方案应用编程》可以看,呵呵
Prentice Hall PTR出版的.NET Security and Cryptography一书则较为偏向于.NET架构下的密码学相关的原理和使用,虽然也有提及安全,但显然不是其重点。
此外还有一本清华大学出版社引进的.NET Security Programming,因为手头没有电子版,只能凭其目录和amazon上的评价大概了解,感觉内容有些杂,而且没有太多能够强烈吸引我的章节标题,呵呵。
关于ASP.NET安全方面的问题,上述书籍中虽都有提及,但不够详细,不如专门去买本ASP.NET方面的安全书籍来看,这里就不一一列举了。
短期内上述书籍可以从以下地址下载:
Programming .NET Security
.NET Framework Security
.NET Development Security Solutions
.NET Security and Cryptography
随着应用安全性逐渐受到重视,这方面的书籍也越来越多,刚刚整理了一下自己手头关于.NET安全编程方面的书,发现有几本还是很不错的,顺便推荐一把。
O'Reilly 的书始终是有品质保障的,Programming .NET Security也非常不错,amazon上4.5星评价。虽然从销售量来看好像不如其他几本,但从我购买的十几本 O'Reilly 书籍的平均水平来看,肯定还是值得一读的。
从内容上,全书700多页分为5部分,原理、安全、加密、框架和手册,覆盖面还是很全的,而且结构设置比较合理,有大局观,比较适合开发人员阅读、查阅。
以下为引用: screen.width/2)this.width=screen.width/2" vspace=2 border=0> Programming .NET Security By Adam Freeman, Allen Jones Publisher : O'Reilly Pub Date : June 2003 ISBN : 0-596-00442-7 Pages : 714 With the spread of web-enabled desktop clients and web-server based applications, developers can no longer afford to treat security as an afterthought. It's one topic, in fact, that .NET forces you to address, since Microsoft has placed security-related features at the core of the .NET Framework. Yet, because a developer's carelessness or lack of experience can still allow a program to be used in an unintended way, Programming .NET Security shows you how the various tools will help you write secure applications. Part I: Fundamentals Discusses the need for security and the approaches to adopt when developing secure software. These chapters also discuss assemblies and application domains—two fundamental building blocks of .NET applications that play a crucial role in the creation of secure software: Chapter 1. Security Fundamentals Chapter 2. Assemblies Chapter 3. Application Domains Chapter 4. The Lifetime of a Secure Application Part II: .NET Security Contains information about the security-related features provides by the .NET runtime. These chapters describe how the runtim enforces application security and how you can manipulate, customize, and extend runtime security to meet your own security requirements: Chapter 5. Introduction to Runtime Security Chapter 6. Evidence and Code Identity Chapter 7. Permissions Chapter 8. Security Policy Chapter 9. Administering Code-Access Security Chapter 10. Role-Based Security Chapter 11. Isolated Storage Part III: .NET Cryptography Provides a description of modern cryptographic techniques and details the implementation of these techniques provided by the .NET Framework class library. These chapters demonstrate the use of each implementationand show you how to extend the functionality of the .NET class library by implementing your own cryptographic algorithms: Chapter 12. Introduction to Cryptography Chapter 13. Hashing Algorithms Chapter 14. Symmetric Encryption Chapter 15. Asymmetric Encryption Chapter 16. Digital Signatures Chapter 17. Cryptographic Keys Part IV: .NET Application Frameworks Discusses other aspects of .NET Framework security not specifically related to runtime security of cryptography. These include ASP.NET application security, integration with the security-related features of Enterprise Services (COM+), and the use of the Windows Event Log for recording security events: Chapter 18. ASP.NET Application Security Chapter 19. COM+ Security Chapter 20. The Event Log Service Part V: API Quick Reference Provides a quick reference to all types defined in the security-related namespaces of the .NET Framework base clase library: Chapter 21. How to Use This Quick Reference Chapter 22. Converting from C# to VB Syntax Chapter 23. The System.Security Namespace Chapter 24. The System.Security.Cryptography Namespace Chapter 25. The System.Security.Cryptography.X509Certificates Namespace Chapter 26. The System.Security.Cryptography.Xml Namespace Chapter 27. The System.Security.Permissions Namespace Chapter 28. The System.Security.Policy Namespace Chapter 29. The System.Security.Principal Namespace |
以下为引用: screen.width/2)this.width=screen.width/2" vspace=2 border=0> .NET Framework Security By Brian A. LaMacchia, Sebastian Lange, Matthew Lyons, Rudi Martin, Kevin T. Price Publisher : Addison Wesley Pub Date : April 24, 2002 ISBN : 0-672-32184-X Pages : 816 Slots : 2 .NET Framework Security provides the ultimate high-end comprehensive reference to all of the new security features available in .NET. Through extensive code samples and step-by-step walkthroughs of configuration techniques, the reader is taken deep into the world of secure applications. Demonstrations of creating custom procedures and a full explanation of each aspect separate this book from many other "lecture books." Many of the concepts expressed in this book are not only viable in .NET, but on the Internet in general. These factors combined make this the one reference that every developer and system administrator should have. Part I. Introduction to the .NET Developer Platform Security Chapter 1. Common Security Problems on the Internet Chapter 2. Introduction to the Microsoft .NET Developer Platform Chapter 3. .NET Developer Platform Security Solutions Part II: Code Access Security Fundamentals 4 User-and Code-Identity–Based Security: Two Complementary Security Paradigms 5 Evidence: Knowing Where Code Comes From 6 Permissions: The Workhorse of Code Access Security 7 Walking the Stack 8 Membership Conditions, Code Groups, and Policy Levels: The Brick and Mortar of Security Policy 9 Understanding the Concepts of Strong Naming Assemblies 10 Hosting Managed Code 11 Verification and Validation: The Backbone of .NET Framework Security 12 Security Through the Lifetime of a Managed Process: Fitting It All Together Part III: ASP.NET and Web Services Security Fundamentals 13 Introduction to ASP.NET Security 14 Authentication: Know Who Is Accessing Your Site 15 Authorization: Control Who Is Accessing Your Site 16 Data Transport Integrity: Keeping Data Uncorrupted Part IV: .NET Framework Security Administration 17 Introduction: .NET Framework Security and Operating System Security 18 Administering Security Policy Using the .NET Framework Configuration Tool 19 Administering .NET Framework Security Policy Using Scripts and Security APIs 20 Administering an IIS Machine Using ASP.NET 21 Administering Clients for .NET Framework Mobile Code 22 Administering Isolated Storage and Cryptography Settings in the .NET Framework Part V: .NET Framework Security for Developers 23 Creating Secure Code: What All .NET Framework Developers Need to Know 24 Architecting a Secure Assembly 25 Implementing a Secure Assembly 26 Testing a Secured Assembly 27 Writing a Secure Web Site Using ASP.NET 28 Writing a Secure Web Application in the .NET Development Platform 29 Writing a Semi-Trusted Application 30 Using Cryptography with the .NET Framework: The Basics 31 Using Cryptography with the .NET Framework: Advanced Topics 32 Using Cryptography with the .NET Framework: Creating and Verifying XML Digital Signatures |
以下为引用: screen.width/2)this.width=screen.width/2" vspace=2 border=0> .NET Development Security Solutions by John Paul Mueller ISBN:0782142664 Sybex ? 2003 (471 pages) This guide leads you through the differences in Studio in the .NET framework that didn't appear in older versions of Visual Studio, helps you understand the new rules for .NET security, and helps you fix problems created by holes in the .NET security. Part I - Introduction to .NET Security Chapter 1 - Understanding .NET Security Chapter 2 - .NET Framework Security Overview Chapter 3 - Avoiding Common Errors and Traps Part II - Desktop and LAN Security Chapter 4 - .NET Role-Based Security Techniques Chapter 5 - Policies and Code Groups in Detail Chapter 6 - Validation and Verification Issues Chapter 7 - .NET Cryptographic Techniques Chapter 8 - LAN Security Requirements Part III - Web-based Security Chapter 9 - Web Server Security Chapter 10 - Web Data Security Chapter 11 - Securing XML and Web Services Part IV - Other Security Topics Chapter 12 - Active Directory Security Chapter 13 - Wireless Device Security Chapter 14 - Win32 API Overview Chapter 15 - Win32 API Advanced Techniques |
以下为引用: screen.width/2)this.width=screen.width/2" vspace=2 border=0> .NET Security and Cryptography By Peter Thorsteinson, G. Gnana Arun Ganesh Publisher : Prentice Hall PTR Pub Date : August 18, 2003 ISBN : 0-131-00851-X Pages : 496 Chapter One. .NET Cryptography and Security Chapter Two. Fundamentals of Cryptography Chapter Three. Symmetric Cryptography Chapter Four. Asymmetric Cryptography Chapter Five. Digital Signatures Chapter Six. XML Cryptography Chapter Seven. .NET User-Based Security Chapter Eight. .NET Code Access Security Chapter Nine. ASP.NET Security Chapter Ten. Web Services Security |
以下为引用: screen.width/2)this.width=screen.width/2" vspace=2 border=0> 原书名: .NET Security Programming 原出版社: John Wiley & sons,Inc. 作者: (美)Donis Marshall 译者: 余波 张立浩 书号: 7-302-07252-3 页码: 238 市场价: ¥35.00 开本: 16开 丛书名: 出版社: 清华大学出版社 出版日期: 2003-10-1 |
短期内上述书籍可以从以下地址下载:
Programming .NET Security
.NET Framework Security
.NET Development Security Solutions
.NET Security and Cryptography
相关文章推荐
- windows内核安全编程书籍
- .NET安全编程 阅读笔记
- 关于网络编程书籍
- .net安全编程 阅读笔记(二)
- .NET开发安全解决方案应用编程
- 关于java编程中一些编程安全问题的总结
- .NET 安全编程 阅读笔记(五)
- 关于 .NET 方向较为深入的书籍
- 看到某文章中的关于编程必看的书籍
- 关于 .NET 方向较为深入的书籍
- .NET 安全编程 阅读笔记(四)
- 关于C#和.NET编程的小细节,你知道吗
- 关于.Net 编程中出现的对方法不能转到定义的解决办法
- 书单下载 | 关于算法、编程、机器学习等书籍,也许正是你所需要的
- 推荐一些关于编程与黑客的书籍
- PHP安全编程之关于表单欺骗提交
- 关于安全编写代码的一些注意事项[参照msdn],这些在编程基础中都已经相当重要了!
- .net 安全编程(序)
- To De or Not to De?(关于.NET代码安全,反编译和混淆加密)
- 从MapGuide Enterprise 2010针对XSS的的安全补丁看.Net 编程的安全性