Michael Howard and David LeBlanc just wrapped up another book:
Writing Secure Code for Windows Vista. (ISBN: 9780735623934, ISBN-10: 0-7356-2393-7.)
(It should be available around mid-April 2007.)
It’s a short book, around 230pp, and covers many of the defenses we built into Windows Vista and explains how you can take advantage of them in your own software. Everyone knows that security is as strong as the weakest link, and it’s critical that applications that run on Windows Vista be as secure as possible, and that means taking advantage of the defenses we offer.
Tabke of contents:
Chapter 1 Code Quality
Chapter 2 User Account Control, Integrity Levels, and Tokens
Chapter 3 Buffer Overrun Defenses
Chapter 4 Taking Advantage of Network Security Features and Defenses
Chapter 5 Creating Secure and Resilient Services
Chapter 6 Taking Advantage of Internet Explorer Defenses
Chapter 7 Cryptographic Changes in Windows Vista
Chapter 8 Authentication and Authorization
Chapter 9 Miscellaneous Defenses
Note, this book is not a replacement for Writing Secure Code 2nd Edition; the new book focuses solely on building applications that take advantage of Windows Vista defenses and does not dwell on secure design, threat modeling, testing or the myriad of coding best practices covered in the earlier book.
Sounds like a must have! 😉