Software Books

A few years ago (I'm told) Bill Gates called all of the developers together and told them that the big thing it was necessary for Microsoft to do was to implement strong security systems in their mainstream products. I don't know if this is true, but the biggest changes in their 2003 series of products is greatly increased security emphasis.

Exchange Server is no exception. This book is oriented around how to get the most out of Exchange Server while protecting the security of the messaging system. It is written by a network security expert who worked closely with the Exchange Server development team. Published by Microsoft Press, this can be viewed as the definitive book on the subject.

Good book! I'm not an Exchange admin, but I need to understand what the issues are in Exchange and Outlook security. I found the book very helpful in a couple of ways:
* covers 5.5. and 2K, even though the title says 2003
* covers life cycle issues like archiving and compliance
* covers Active Directory and Certificate issues
I was impressed that the book managed to combine enough detail to be valuable to technical users, with clear enough descriptions of the issues to make sense to non-techies.

In today's environment of spam, virus, and bad things in general, knowing how to protect yourself is a very valuable commodity.
Paul has managed to condense everything you need down to a nutshell, okay, maybe more like an acorn tree. But it's all in there.
Chapter 20 should be a must-read for anyone in messaging. It goes over some of the legal aspects of you and your messaging system. Most administrators don't realize the possible litigation that they can get themselves into. And sure, your company will protect you. When it comes to a 10 million dollar lawsuit or an employee, who's going to get the shaft?!
Ever worry about what permissions have been set on something? Take a look at Appendix B for an in-depth guide.

I admit to a certain degree of bias, being that I'm the author and all, but this really *is* the only book that takes a comprehensive approach to every aspect of Exchange security. The book covers physical and operational security, patch management, end-to-end transport security using IPsec and TLS, client-to-client security with S/MIME, and even security issues related to mobile devices like BlackBerrys and Windows Mobile smartphones. Sample chapters are available from a variety of places, including the book's companion website at e2ksecurity.com.

If you're going to pick up a book on Microsoft Exchange Server security, this is *the* book for you. Great and comprehensive coverage on everything to do with Microsoft Exchange Server from one of the foremost Exchange Security experts in the industry. I highly recommend this book to anyone who is seriously interested in understanding what's entailed in Exchange-related security, including some ground-breaking content on compliance (Sarbanes-Oxley, HIPPA, SEC, etc.) and legislation pertaining to e-mail ... which alone is well worth the price of the book! Highly recommended!!

If your organization is facing the challenge of figuring out how to overcome Operating obstacles by leveraging the latest and greatest technology, then this book is for you. It truly helped me understand the strength of what SOA brings to the table, and how to wrap methodologies around it to really differentiate your business with speed and agility.

In this book, Dr. Khoshafian demonstrates his deep industry knowledge and expertise by not only illuminating the importance of SOA to today's business architecture but also by applying this expertise into actionable advice for the reader. Khoshafian helps the reader to understand the practical applications of various technologies while he explores the SOE. I would recommend this book to both business and IT for greater understanding of the issues impacting today's businesses.

The most pragmatic approach to BPM and SOA that's meaningful to an enterprise.

A must read if you want to avoid BPM or SOA becoming something a software vendor sells you and becomes shelf-ware.

Dr. Khoshafian shows just how important it is for organizations to have an effective gameplan with SOA and BPM, not to mention the many benefits one can reap from these valuable technologies. And he tells this in a way that is practical, understandable and yet still realistic. Service Oriented Enterprises is a must-read, whether you're from the IT or business side of the aisle.

Have you identified the human element of SOA within your organization? Service Oriented Enterprises provides an in-depth look at how SOAs are affecting various facets within the enterprise - both organizational AND cultural. Dr. Khoshafian has done a tremendous job making the argument that SOA is only part of the puzzle toward change and that the second major layer of SOEs, called service oriented business process integration, is key to success. I especially liked the ideas he presented on how service orientation can narrow the gap between business and IT, as I can implement some of those ideas at my company. This book will be helpful to both the IT-focused people within your organization as well as the business people who are actively trying to lead in today's service-computing world.

What use is a Web site if no one uses it? Too many Web design books and development tools provide cut-and-paste solutions to design problems without providing the developer with an understanding of fundamental principles.

This is where Dr. Badre's book enters the scene - in a big way. "Shaping Web Usability" does just what it promises, providing clear, cogent instruction in designing sites for people in all their needs and diversity. It promotes a robust methodology for Web design that can adapt to user requirements without sacrificing logic or cohesion. Badre's process also helps one communicate methodology and design issues to others. This book gave me the grounding I needed to explain to clients exactly why I had made a particular design decision and how it would benefit the site users.

If you are concerned about your site being used once it is published (and who isn't?), take a look at this book. It can't make your Web site for you, but it can help you identify and satisfy an online audience better than any other book on the shelves.

Dr. Badre has written an interesting work which thoughtfully examines two important concepts: genre and cultural context. In addition to plenty of solid HCI theory and empirical data, Dr. Badre provides clear examples of how close attention to the genre of one's site and the cultural context in which it is most likely to be viewed will provide a more useful and pleasurable experience for the user. With these simple and powerful concepts, Dr. Badre provides some excellent guidance to new and experienced website designers.

This book is unlike many other web usability books. It goes well beyond the cookie-cutter guidelines for fast web usability, and gets the reader thinking deeply about contexts of web usability. It focuses on the real important issues and concepts. However, it is not an abstract or theoretical book. The author illustrates the concepts and explanations with numerous real examples from the web. This book is a must read for web designers, information architects, and web usability engineers.

This is a serious work on Web Usability that attempts to define in detail the user context and to construct a user-centred methodology based on that context.

There are so many books on web usability these days and most of them are about web pages first and people second. Doctor Badre's approach, though, is firmly grounded on the human side of HCI and some of the material in this book is outstanding.

The chapter on "Older Adults" is a great example. Badre is fastidious enough to consider the different cognitive needs of people in this group and to consider the implications of those needs for the designer. Elsewhere he considers personality variations, the role of affect (or emotion), and many other individual differences.

In contrast, however, Badre has a strong leaning toward standards and predictability, which seems to contradict his comments elsewhere. Having identified the myriad reasons the web audience is uniquely diverse he nevertheless finds traditional HCI evaluation techniques attractive, and sometimes fails to bite the bullet.

For example, Badre insists that "Testing conditions ... should approximate the actual situation in which ...visitors are likely to find themselves." Yet he does not display any distrust of laboratory testing, questionnaires and all the artificialities of user testing that would suggest a more ethnographic approach.

The material on the test methodology is therefore somewhat weaker, but does not detract in any way from the main part of the book, where Dr Badre's experience in Human Factors allows him to illustrate with considerable skill the way design features can be adjusted to meet the cognitive abilities of real human users. In this arena, Dr. Badre is a leading authority, and it is for this, the main body of the work, that I would strongly recommend this book to web and usability professionals alike.

Clear and rigorous, Dr. Badre's book is an essential resource for the serious Web practitioner. Going beyond the usual lists of do's and don'ts, he gives the reader a strong grounding in the field of usability and how its principles apply to the Web. Web designers and implementors who read Shaping Web Usability will not only know what to do, but why -- so they can respond successfully to new and complex design challenges.

Though in places a bit heavy-going for a non-specialist readership, SDIMM is a first-rate introduction to the information sciences. As an overview of state-of-the-art technology, SDIMM may be dated, but the problems it describes are timeless -- and fascinating. Anyone interested in how information is measured, moved, and translated to the media of minds/brains and computers, would do well to read this exceptional book. Here's hoping RL makes future contributions to the popular science literature.

This is a popular computer book about data compression and data representation. It was first published way back in 1989 and now eleven years later it's not in the slightest bit out of date. How many popular computer books can you say that about?

Althought this book has been written 20 years ago, it is still very
fresh today. The bandwidth with which we communicate, and
our capacity for storing information have increased in the intervening
years, however the fundamental questions that are addressed here
have not changed much. In the first couple chapters, the author starts
with a very precise definition of what information and capacity mean.
This part is merely 50 pages in length, but makes this book worth
owning on its own - I wish somebody gave it to me when I was
learning about information theory.

The remainder of the book is devided into chapters dealing
with different aspects of information: text, speech and pictures,
including problems associated with their storage, processing
and intrepretation. The presentation is insightful, informative,
and, given that it is addressed to an audience of non-mathematicians,
surprisingly precise. Each chapter ends with a ligh-hearted essay,
some of which I found to be deceptively deep and insightful.

I thoroughly enjoyed reading this book. I'd strongly recommend this book for anybody interested in how things have evolved in computing. Great insight into stuff we take for granted like compression algorithms, error correction.

I read this book over and over and love it every time. It covers topics that I teach from the standard texts, but it covers them in a way that makes it all make so much more sense to my students. This truly is an amazing book!

A superbly written book on fabrication of silicon integrated circuits.Chapter 2 provides a gentle yet fairly detailed introduction to the overall process and each item touched therein is expanded subsequently.The language is clear and figures convey their intended meaning,overall its a wonderful starting point for further study in silicon integrated circuits technology.As has been pointed out in one of the reviews here, this book has been adopted in many US universities.The link embedded in this review is one such instance and as such can be used to obtain more information and benefit from a full set of audio lectures, assignemnts and other supplementary material as a part of MIT's open course ware program.The instructor is Prof Judy Hoyt.
[...]

Before this book was published, Wolf & Tauber's book was the only good reference I had. Plummer's new book has a thorough review of basic principles, very well updated parts on current manufacturing equipments (Wolf's book also has extensive coverage in this respect). The best part in my opinion is oxidation & diffusion parts where the authors are one of the leaders in current research. The book not only focuses on the specific details, but also gives an integrated view of the whole CMOS fabrication process, which I enjoyed a lot.

I strongly recommend this book for students who want to learn basics of IC fabrication and also professional engineers who needs a good and well updated reference.

I've read a number of books in this field - Plummer, Wolf, Campbell, Sze, Madou. Each book has its strength, and Plummer's book stands out in terms of its broad, in-depth coverage of modern silicon CMOS technology. It doesn't cover MEMS or other exotic nanofabrication.

Many students who've read the book said that Chap 2, where a modern CMOS process flow is described step by step from the substrate to back-end, was the best part. By doing so, the authors teach us that not only unit processes but their collection, i.e. process integration, is the key in successful CMOS technology.

Overall, the quality of the content and attention to small details are superb, as one can expect from a book written by one of world's foremost researchers in the field (Plummer is the Dean of Engineering School at Stanford). In particular, I liked chap2 for integrated description of CMOS flow, the lithography chapter which covers optical systems, details of photoresists, phase shift masking. Also, diffusion and ion implantation parts are second to none, since the authors made numerous contributions to the research field. It's such pleasure to learn about the latest in silicon IC processing from the Silicon Valley authority at Stanford!

The book has been adopted by many US engineering schools already, and I see it on many bookshelves belonging to IC engineers. If you need an authoritive, well-organized reference for modern silicon IC processing, I strongly recommend this book.

The best part of this book is that it covers modern fabrication technology. I expecially liked the approach of introducing the complete CMOS fabrication flow in the beginning. It puts a context to following chapters. It is what I call system level approach for slicon fabrication. There is also emphasis on measurement and simulutions that are missing from traditional books. Both these are essential to modern technology. Also, I was very happy to see details on manufacturing choices - e.g. LOCOS vs STI. Explanations are clear.
This is a text book, therefore at times may seem too dense, but definitely worth it if you are a process engineer.

if your an electrical / process engineer, this is one of the must have books.

This is a terrific book on what it takes to make web applications really work (both for users and for the businesses that create them). Managers of web design projects should read this book for its eminently practical advice on documentation, workflow, and pitfalls to avoid. Highly recommended.

If you're new to building web applications and want a balanced perspective on the engineering challenges involved -- from understanding user needs to data modelling to scaling gracefully -- this book is a great place to start. It's mostly language-agnostic, so it'll be a good starting point for a few years but won't update you on the latest technology. Nevertheless, I know very few web developers who wouldn't learn something important from a careful reading of this book.

Where this book really shines is as a bridge from the world of college Computer Science to the world of actually building applications people use. This transition encompasses understanding your users, making flexibile designs, considering security, aesthetics, and a host of other issues one does not actually learn in a normal college CS curriculum. Thanks to its project focus, this book (and the course curriculum it implies) seeds an awareness of these many issues that can later be developed through experience. Other "software engineering" books over-emphasize theories, but this one will actually press you to get stuff built.

It's not easy to build a really good online community website. There are a lot of things to think about, and many of them have little or nothing to do with technical programming skills.

Buy this book, read it, step through it, and learn from some of the best teachers on the subject. And then when you've learned what they have to say here, take your new-found skills and build your own online community site. Using the methods in this book, your web sites can be more useful, successful, and profitable.

To Philip and Alex's Guide to Web Publishing, I learn of this new chapter in Mr. Greenspun's (et al) effort to encourage the Web to be all it can be. This volume is plainly a text book, designed as a practicum, and with its completion my understanding of how to achieve what's possible now and conjure the future of the Web will be greatly furthered. I'm finding it inspirational in the process of designing; expand your dream's horizons!

This book is helpful for programmers as well as people who work more generally with technology. I'm using very specific, technical information from the "Adding Mobile Users to Your Community" chapter for a web application I'm building, while using concepts from the chapter on discussion forums for a research project on how discussion tools are used at my university. If you build web applications, or work with people who do, I highly recommend this book.

You may find the articles in this book one by one from the net, but it's always good to have a all-in-one product.

For anybody involved in teaching classes on Project Management, this book is an excellent reference. Broad focus, enjoyable and informative reading...

This book is a collection of numerous classic articles on software project management. It is well organized and it is clear that a great deal of effort was put into identifying the best articles to include in this collection. The reason I give it 4 stars instead of 5 is for what it doesn't have -- an index! Without an index you will have a difficult time finding specific information without scanning many pages of text.

This book provides a broad but detailed look at the functions and activities necessary for the proper management of a software development project. It is what you would expect from IEEE, an academic perspective on the process---both from a quantitative development and quality management orientation. Some of the contributors are, of course, priceless (particularly Alan M. Davis' "Trial By Firing: Saga of a Rookie Manager") in relating their own experiences as project managers in this strange business we're in.

This collection was so good that I went back and ordered the other two collections (Software Engineering and Software Requirements Engineering). For anybody who teaches Software Engineering or Project Management classes (or anybody wanting a broad knowledge of the subjects), these books are invaluable.

When software development moves to embrace agility, project managers can struggle over the new approach and their roles. That's where The Software Project Manager's Bridge to Agility comes in, making it a top recommended pick for business and IT technology collections alike. It covers techniques, transition points, learning to trust teams and use agile techniques to reduce risk, and more. Even more essential are chapters on avoiding common mistakes, and coordinating efforts with project management and non-agile teams.

This excellent book is targeted directly at Project Management Professionals (PMPs) but will be extremely beneficial to any project manager who is interested in agile development. After three short chapters that introduce the general principles and activities of an agile software development project, the authors attack the meat of their subject. Each of the nine chapters of part two corresponds directly to one of the PMI's project management knowledge areas.

Sliger and Broderick, each an experienced PMP, cover the changed responsibilities of the project manager transitioning to agile. A highlight of each chapter is the small table with columns for 'I used to do this' and 'Now I do this' that succinctly summarizes the often profound differences between traditional and agile project management.

This book is necessary reading for any project manager making the change to agile as well as for any ScrumMaster or agile coach working on a large projects. The book takes a giant stride toward dispelling the myth that the only role for project managers is to buy pizza and soda and get out of the way.

When I saw this book, I knew I had to read it, though I was very skeptical about it. Mapping the PMBOK practices to agile practices, is that the right thing to do? Why would you want to do that? What are the authors trying to prove?

The first chapter already helped me forward and removed some of my skepticism. This book is really what is says it is. It's a bridge for the traditional PMI project manager to understand what the difference is between traditional projects and agile projects and it's written in the language of a traditional project manager, the language of PMBOK. From that perspective, I've come to see this as an smart and important book thatm hopefully, will help lots of trainer project managers to understand what agile development is trying to do and why.

The book start with an introduction by Stacia, who describes her experience moving from a traditional environment to an agile environment and the difficulty she faced of changing the way of working she was used to. An excellent introduction that sets the tone of the rest of the book.

The rest of the book consists of 3 parts (plus some appendixes). The first part is the "standard introduction" part in which Agile development gets introduced, in which the first mapping of Agile development to the PMBOK is made and ends with a chapter on a generic agile lifecycle model, which is a guideline for the rest of the book.

The second part is the main part of the book and is structured around the different chapters of the PMBOK. This part actually maps to the PMBOK even on sub-chapter level, done quite well. Within each of the PMBOK chapters, the authors explain the problems the PMBOK tries to solve and how Agile practices solve the same problems, but in a different way. It summarizes this in every chapter with a comparison between traditional practices and Agile practices.

All the chapters seem to cover all the major agile project management practices. It starts with integration management and discussing how all things integrate together and how changes are managed. From there it moves to scope control and explains the differences between traditional WBS task breakdowns and working in a more feature-based way. Time management is next, covering the different planning cycles in the generic agile lifecycle framework (they introduced in Chapter 3). Next is cost management, and quality management. Chapter 9 covers human resource management and was a really nice chapter in which the authors describe well the difference between traditional project resourcing and trying to work with fixed teams that can actually learn new skills when needed. By this time, I felt the major topics had been covered, but there still needed to be communications management and Risk Management to make the mapping of the PMBOK complete. Here I felt the authors started repeating things that were covered earlier, but thats the risk when copying a fixed structure. The last chapter in the PMBOK mapping is procurement management and this chapter was a disappointment to me. The authors are of opinion that there is not much difference in this area, while personally I would not agree with that. Anyways.

The third part covers "the rest" with the main chapter probably be 13 which discusses about the changes in responsibilities between a traditional project manager and an "agile project manager". It describes in fairly much detail the changes in behavior and even tries to cover how to get past this difficult change and why people would want to go through the change (whats in it for them). Also chapter 15 answers one important question: What to do with the PMO. The authors suggest transforming it into an agile supporting organization which they still call "Agile PMO".

Chapter 16 (Selling benefits of Agile) and Chapter 17 (Common Mistakes) are useful chapters for people who are driving the change. It helps them answer some of the common questions and deal with some of the resistance. These chapters conclude the book.

In many areas, I'm still skeptical and do not always agree with the authors. I don't know if it's a good idea to change peoples and organizations role and still keep the old name, like "agile project manager" and "agile PMO". Scrum has solved this by simply calling it different: when the behavior is different then also call it different. Hence the ScrumMaster. Also, the authors strongly stick to the "project thinking" and seem at assume that thats a good way of a managing work. Same with contracts, the authors don't seem to think there will be much change in that area. The book has not convinced me the PMBOK is a good idea either, instead just confirmed my earlier criticism.

All tht said. Realistically, I understand that much of these aspect will not change or not quickly. So, this book introduces new concepts in a familiar language. I do think this will be needed and the authors done a great (perhaps the best possible) job in explaining agile concepts in traditional terms without losing it's meaning. This was the purpose of the book and it certainly succeeded in that.

For project managers looking at agile development, this book is an absolute must.
For agilists, the book is still a good and useful read! (also to understand traditional thinking)

Great work!

Finally a book in the agile series that acknowledges agile and PMI are compatible. As a PMP and CSM, one of my long time frustrations has been too many agile authors create a stereotype of an overly bureaucrat waterfall process being managed by a dictator project manager. That may be a great way to sell their books, but their rejection of sound project management principles has been a disservice to the industry--the classic mistake of throwing out the baby with the bathwater.

As the title states, Sliger and Broderick sets out to bridge this divide and does a super job showing how agile management practices fit into the project management body of knowledge (PMBOK). They reinforce this message with extensive quotes from the PMBOK that explicitly address incremental and iterative development. I especially like their chapter summaries which compare and contrast project manager approaches to specific practices under a plan-driven and an agile project. One of their key messages is that project managers should allow the team to focus on the current iteration, allowing the project managers to focus on removing impediments to future work. This is sound advice no matter what development framework you are using.

Sliger and Broderick discussion on how agile is being extended to product and release planning and how it's adapting to interfacing with PMOs and non-agile teams is also very relevant. While agile purest reject such notions, these are issues that my clients are facing today. Sliger and Broderick succinctly summarize the current thinking on agile product and release planning and provide sound advice on adapting agile to meet these real-world needs.

One shortcoming in the book is that the authors imply that agile is the silver-bullet that should always be used. I wished they would have acknowledge that while agile methods are appropriate in many situations; plan-driven methods are the appropriate choice for other situations. (See Balancing Agility and Discipline: A Guide for the Perplexed by Barry Boehm and Richard Turner)

I highly recommend this book and will be adding to our seminars reference lists. It is especially useful to experienced project managers. As the product description (see above) states they often struggle while transitioning to agile. However, I don't think they are doubtful about the approach, but instead are confused by the hype they encounter. It will also be useful to agilest who starting to see through the hype in other books. Sliger and Broderick have cut through the hype and reinforce the point that effective project management principles still apply.

This excellent book is targeted directly at Project Management Professionals (PMPs) but will be extremely beneficial to any project manager who is interested in agile development.

After three short chapters that introduce the general principles and activities of an agile software development project, the authors attack the meat of their subject. Each of the nine chapters of part two corresponds directly to one of the PMI's project management knowledge areas. Sliger and Broderick, each an experienced PMP, cover the changed responsibilities of the project manager transitioning to agile. A highlight of each chapter is the small table with columns for "I used to do this" and "Now I do this" that succinctly summarizes the often profound differences between traditional and agile project management.

This book is necessary reading for any project manager making the change to agile as well as for any ScrumMaster or agile coach working on a large projects. The book takes a giant stride toward dispelling the myth that the only role for project managers is to buy pizza and soda and get out of the way.

This book is the best book on software project management available for three reasons: (1) it talks to the basics of what makes a successful project and manager, (2) it describes what does not work in a software project, and (3) it walks through practical steps that can be used on real software projects to solve real process problems through the complete life cycle. The book is well written, concise and does not subscribe to any fad methodology or proscribe any silver bullet solutions (smart work and attention to detail are the only effective methods). In fact, the author spends much time debunking industrial myths. There is a good section on cookbook solutions and an example project included as a learning tool. I use this book on the job and highly recommend it.

Unlike most text books, it is a very easy to read book allowing one to read it from cover to cover. The book is an excellent source for novice project managers who need a guide to the many aspects that come with the job. Personally I refer to it often for suggestions on which documents I should produce or what actions to take while managing a project.

This book covers Software Project Management broadly with a lot of good information for both the new project manager as well as the old hand. The material is presented as a comprehensive overview rather than a detailed instruction. By itself the book does not go deeply enough into any of the areas to provide a novice with enough useful information so it's a good book to use in conjunction with books providing more detail.

Despite its lack of detail, the book presents many important points - the importance of the human equation, analysis/organization tools such as Tony Buzan's MindMap, having a Management Information Center, and using standards without having a programmer's revolt. There is only passing mention of key issues such as scope creep, the tendency of management to try to throw more personnel at a project in trouble, needing to build testing into the initial design process, and the pro's and con's of the various development methods (waterfall, spiral, etc.). A number of references are quoted, including many IEEE documents (IEEE is the publisher) plus books by Gerald Weinberg, Capers Jones, Tom Demarco, and other recognized gurus - which make good adjuncts to this handbook.

Phillips perpetuates one of my pet peeves, the issue of including the top ten risks in the risk assessment document. What if there are only 7 risks which seem to be significant? What if there are 12? Granted, it would be unwieldy to track & evaluate dozens of risks routinely, but it doesn't make sense to suggest that exactly 10 be tracked.

The discussions of Configuration Management are quite lengthy and in a bit more detail than other topics covered.

Although the book is fairly short at 500 pages and is easy reading, there is a substantial amount of information covered. The 5 star rating is for the breadth of information covered, with the caveat that other references would be needed by those unfamiliar with the concepts presented.

Don't confuse the ease of reading this excellent book with the depth and power of the information within it. Being involved in software project management myself, I related to the ideas the author expressed and feel I have learned much from reading the book. Other project managers in my company are now reading this book and share similar opinions.

The book contains good explanations of various techniques for formalising projects. It also contains a number of case study experiences which are very apt.

I recommend this book to project managers of all levels and to managers of software companies.

This is a well written book for the people interested in succeeding with software project management. The author spells out the key pit falls to software development and offers realistic solutions. There are many up to date helpful graphics and tables throughout the book. This is easy reading and keeps the reader interseted.

This book has quite good coverage of topics and simple to follow.
References and follow-up/conclusion were useful.

I've maybe three or four books on the subject of software security and this is the best so far. Very concise and well organized and covers just about every facet of software vulnerabilities that I've ever heard of. Very helpful too because at the end of each chapter it gives detailed advice on how to avoid the vulnerability that they dicussed. Also, the CD comes with some nice tools and source code. I definately learned a lot from this book and highly recommend it to both web application and desktop application developers.

Every month, hundreds of security vulnerabilities and warnings are announced. Although they cover a wide set of products and programs, the underlying reason for them is generally the same: insecurely written software. When software is written in insecure code (which includes most software programs written today), serious security flaws are inevitable.

The Software Vulnerability Guide was written to help software developers acquire the methods necessary to write secure code and find existing problems in current software. After making a persuasive case for secure code in part one, the book progresses into the areas that are crucial to writing secure software.

Part two of the book covers system-level attacks and details important topics such as passwords, scripts and macros, and dynamic linking and loading (DLL). Part three plunges into attacks on the software, exploring heady concepts such as buffer overflows, format-string vulnerabilities, and integer overflow vulnerabilities. Most of these attacks have been known for decades but are only receiving wide-scale attention now.

Further chapters delve into securing data and Web servers. For each of the vulnerabilities mentioned, the authors describe how they occur and how to prevent them.

An enclosed CD-ROM contains software examples described in the text, plus various open-source security software testing tools, including Ethereal, Nessus, and Nmap. Any business serious about writing secure software should ensure that all of its code writers receive a copy of this book

Herbert H. Thompson and Scott G. Chase's Software Vulnerability Guide comes from a security director and a security architect, drawing upon their combined expertise to consider techniques developers need to use to produce secure code in modern software. Developers and testers receive both tools and assessments of tools designed to help recognize and prevent common vulnerabilties in source code. Commentary and code examples pack a guide which includes a CD-ROM with source code and many tools described within.

If you consider yourself a solid developer but know you probably don't give the security of your software/databases as much attention as you should, then you need to get your hands on The Software Vulnerability Guide.

Unlike a lot of other security books, this one isn't full of a bunch of vagure generalities. It gives you solid details on some of the most common (and perhaps some less common) holes that exist in the software you just released. The information contained in each useful chapter is easily digestable by beginners.

Buy the book and spare yourself the embarrassment from some twenty something who stole some script off the web and deleted all the data in your intranet application.
[...]