.NET Security and Cryptography
By Peter and Arun
Prentice Hall PTR
496 Pages
US $49.99 | Buy Now

About the Author

Anand Narayanaswamy, a Microsoft Most Valuable Professional (MVP) in Visual C# is an independent writer, web developer and technical consultant based in Trivandrum, India. Anand runs learnXpress.com and specializes in ASP, ASP.NET, C#, Visual Basic .NET and Visual Basic 6.0 and in the development of courseware, technical articles, documentation, and reviews of products and books. He is available for writing documentations, help files, product reviews. Reach him at ananddotnet@yahoo.co.in 

I got a nice chance to review a recently released .NET Security book and I thoroughly enjoyed the Job. At the outset, I found that this book is basically intended for Intermediate-Advanced developers who have a good working knowledge of .NET and ASP.NET. The authors have made a great effort to present the complicated material in a very lucid manner. This book is divided into ten chapters and 5 appendixes.

1. .NET Cryptography and Security
2. Fundamentals of Cryptography
3. Symmetric Cryptography
4. Asymmetric Cryptography
5. Digital Signatures
6. XML Cryptography
7. .NET User-Based Security
8. .NET Code Access Security
9. ASP.NET Security
10. Web Services Security

Appendixes

1. A Security Attack Example: The Stack Overrun
2. How the RSA Cipher Works
3. Using the GNU GMP Library
4. Cryptography and Security Resources
5. Exploring Web Services

Among other topics, the authors have covered ASP.NET Security in depth with relevant code snippets. I very much liked the presentation and coverage of Forms and Passport Authentication. I feel that initial chapters of this book (Chapter 2 & 3) will be useful only for those developers who have good experience with Mathematics and Electronics. However, the various aspects of cryptography have been explained elaborately. The authors have presented the material on Digital Signatures very well with the help of relevant diagrams. An interesting aspect of this book with respect to other books is that relevant terms and URL’s are explained on the bottom of the respective pages.

The book covers XML and ASP.NET Security with plenty of source codes and also provides a comprehensive explanation about Web Services Security with special references to Visual Studio .NET. The source codes included on the book are well commented and doesn’t deserve any special explanations. The authors have provided a comprehensive appendix about all the additional resources (Books, Newsgroups, and Websites) which are available for learning further about .NET Security. I must say that Appendix E on Exploring Web Services is very useful and well organized.

The Appendix A analyzes a security attack example and looks like a short case study. I strongly feel that a glossary of important security terms is essential at the end of the book. I hope the authors will take note of this fact and provides them on the second edition of this book. Although this book doesn’t come with a CD, you can download the source codes in both C# and Visual Basic .NET versions from the website of Object Innovations. You can also download a sample chapter from the same website.

Overall, this book is a must read for all .NET developers who are interested to explore Security and Cryptography.

 

User Comments