Software Craftsmanship: The New Imperative


Pete McBreen - 2001
    Software Craftsmanship transcends software engineering, demonstrating that quality software can't simply be manufactured: it must be built by craftspeople with pride in their work, and a personal commitment to excellence. In Software Craftsmanship, Pete McBreen focuses on the craft of software development, explaining why current software engineering techniques often fail, and offering programmers a new path to excellence. Just as the modern carpenter benefits from better tools, materials, and understanding, the modern programmer can benefit from better computers, reusable components, and more robust languages -- but only if he or she is prepared to treat the software profession as a true craft. McBreen explains what software craftsmanship means, how it affects users, and how it changes the developer's relationship with customers. He introduces the concepts of software apprentices and journeymen, shows what can (and can't) be learned from the software engineering movement, and presents specific steps you can take now to move towards craftsmanship in your work -- and your organization.

Writing Secure Code


Michael Howard - 2001
    You need to assume it will run in the most hostile environments imaginable -- and design, code, and test accordingly. Writing Secure Code, Second Edition shows you how. This edition draws on the lessons learned and taught throughout Microsoft during the firm's massive 2002 Windows Security Push. It's a huge upgrade to the respected First Edition, with new coverage across the board. Michael Howard and David LeBlanc first help you define what security means to your customers -- and implement a three-pronged strategy for securing design, defaults, and deployment. There's especially useful coverage of threat modeling -- decomposing your application, identifying threats, ranking them, and mitigating them. Then, it's on to in-depth coverage of today's key security issues from the developer's standpoint. Everyone knows buffer overruns are bad: Here's a full chapter on avoiding them. You'll learn how to establish appropriate access controls and default to running with least privilege. There's detailed coverage of overcoming attacks on cryptography (for example, avoiding poor random numbers and bit-flipping attacks). You'll learn countermeasures for virtually every form of user input attack, from malicious database updates to cross-site scripting. We've just scratched the surface: There are authoritative techniques for securing sockets and RPC, protecting against DoS attacks, building safer .NET applications, reviewing and testing code, adding privacy features, and even writing high-quality security documentation. Following these techniques won't just improve security -- it'll dramatically improve robustness and reliability, too. -- Bill Camarda
    Bill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks For Dummies®, Second Edition.