Following are selected resources available online and in print on the subject of developing secure applications and configuring secure environments:
Microsoft Web sites
- Microsoft Security (http://www.microsoft.com/security)
- Learn how Microsoft is working to help you keep your applications and systems secure, from the desktop to network-level systems, with links to security resources for IT professionals, developers, and home users.
- Security Resources on MSDN (http://msdn.microsoft.com/security)
- Guides you to developer-oriented documentation, code samples, technical articles, and other resources for developing secure applications.
- Microsoft TechNet Security (http://www.microsoft.com/technet/security)
- Contains pointers to the most important technical information about security for information technology professionals and "Power Users".
- Maintain Security with Windows 2000 (http://www.microsoft.com/windows2000/security)
- Contains information on the latest security updates for the Microsoft Windows 2000 Operating System family.
- Maintain Security with Windows XP (http://www.microsoft.com/windowsxp/security)
- Contains information on the latest security updates for the Microsoft Windows XP Operating System family.
- Maintain Security with Windows NT (http://www.microsoft.com/ntserver/security)
- Contains information on the latest security updates for the Microsoft Windows NT Server.
- Microsoft Security Toolkit Online (http://www.microsoft.com/technet/security/tools/tools/STKIntro.asp)
- Includes links to the content and tools that provide a baseline level of security for servers that are connected to the Internet and pointers to the information necessary to keep those servers secure.
- Security Operations for Microsoft Windows 2000 Server (http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/security/prodtech/windows/windows2000/staysecure/DEFAULT.asp)
- Delivers the guidance that IT professionals need to operate a Windows 2000 environment securely, while ensuring the right access to the right content by the right people.
Other Web sites
- The CERT Coordination Center (http://www.cert.org)
- CERT is a center of Internet security expertise, studying security vulnerabilities, publishing security alerts, and developing information and training to help you improve security at your site.
- NTBugTraq (http://www.ntbugtraq.com)
- Discusses security bugs and exploits found in Microsoft Windows and related products.
Microsoft Press Books
- Bott, Ed and Siechert, Carl. Microsoft Windows Security Inside Out for Windows XP and Windows 2000. Redmond, WA: Microsoft Press, 2002.
- Howard, Michael and LeBlanc, David. Writing Secure Code. Redmond, WA: Microsoft Press, 2001.
- Howard, Michael, et al. Designing Secure Web-Based Applications for Microsoft Windows 2000. Redmond, WA: Microsoft Press, 2000.
- Internet Security Systems, Inc. Microsoft Windows 2000 Security Technical Reference. Redmond, WA: Microsoft Press, 2000.
- Microsoft Corporation. MCSE Training Kit: Designing Microsoft Windows Network Security. Redmond, WA: Microsoft Press, 2001.
- Microsoft Corporation. Microsoft Windows 2000 Professional Resource Kit. Redmond, WA: Microsoft Press, 2000.
- Microsoft Corporation. Microsoft Windows 2000 Server Resource Kit. Redmond, WA: Microsoft Press, 2000.
- Solomon, David and Russinovich, Mark. Inside Microsoft Windows 2000. 3d ed. Redmond, WA: Microsoft Press, 2000.
Bock, Jason, et al. .NET Security. Berkeley, CA: Apress LP, 2002.
Brown, Keith. Programming Windows Security. New York, NY: Addison Wesley Longman, Inc., 2000.
Curtin, Matt. Developing Trust: Online Privacy and Security. Berkeley, CA: Apress LP, 2001.
LaMacchia, Brian, et al. .NET Framework Security. New York, NY: Addison Wesley Longman, Inc., 2002.
Peikari, Cyrus and Fogie, Seth. Windows .Net Server Security Handbook. New York, NY: Prentice Hall PTR, 2002.
Schneier, Bruce. Applied Cryptography: Protocols, Algorithms, and Source Code in C, Second Edition. New York, NY: Wiley, John & Sons, Inc., 1995.
Seven, Doug, et al. ASP.NET Security. Birmingham, UK: Wrox Press, 2002.