Writing Secure Code for Windows Vista


Michael Howard, David LeBlanc


Buy from Amazon

Highly recommended to learn about new changes and additions to Vista code base.


1. Code Quality (SAL annotation for C/C++ string buffers, banned API and cryptography, static analysis tools)
2. User Account Control, Tokens and Integrity Levels
3. Buffer Overrun Defenses (ASLR, stack randomization, heap defenses, NX, /GS, SafeSEH)
4. Networking Defenses (IPv6, Network List Manager, RSS, Winsock Secure Socket Extensions, Windows Firewall)
5. Creating Secure and Resilient Services
6. Internet Explorer 7 Defenses
7. Cryptographic Enhancements
8. Authentication and Authorization (CardSpace, GINA changes)
9. Miscellaneous Defenses and Security-Related Technologies (Windows Defender API, Signing, TPM, Credential User Interface API, Kernel Mode Debugging issues)