fixing other people's code Well; in a few months anyway.

A month or so ago I saw a tweet flit past asking for someone who has ASP.NET security knowledge; someone pointed the user my way. I assumed it was someone just asking for advice, so I sent off something along the lines of "What do you need to know?". It turns out the recipient was part of Wrox Press and he was after knowledge, in the shape of a book.

So after some pondering, and pointing out that I thought it had been done to death, we both came up with what I feel is a new approach for a beginner's book on the topic. I ran it past about 20 people who all thought it was a good idea, so I caved in, with some input from my ego, and drew up a proposal and outline for a "Beginners" series book. I proposed self-contained chapters, dealing with the OWASP top ten vulnerabilities and others, with each chapter based on what a developer wants to do with a web site (use forms, use databases, use cookies and so on), demonstrating the unprotected way, then discussing how it can be exploited and finally fixing it. I hope to have a book that can be both read from beginning to end and pulled off the shelf and used as a reference. After changing the outline to use more active words and adding some things I'd forgotten and other people had pointed out, it was presented to Wrox UK and US, and was accepted today. In about 8 months we'll find out if I succeeded or not when "Beginning ASP.NET 3.5 Secure Development" (or something like that) appears ... I wonder if I can chinpose on the cover.

(And yes, Information Cards will make an appearance, if only in an appendix)

Image by Alex Mackay
