WebApp Sec mailing list archives

Re: My review of 19 Sins


From: Andrew van der Stock <vanderaj () greebo net>
Date: Fri, 29 Jul 2005 20:09:42 -0700

I got my copy from the book stall table near registration. They smell so fresh. They still have paper dust bunnies in many pages. ;)

The table of contents is Top 19-like, not Writing Secure Code-like. That's my disappointment as well and influenced the thinking behind my review.

However, if you treat it as a Top 19 book, it's actually very good. Ditto if you If you have a project which seems intractably bad from a security point of view, you can give copies of this book to the business folks and they'll understand what they need to fix. It's very good for that. It might even bring them into the 21st century.

However, if you're writing new code, or highly protected apps or high end e-commerce apps, you'll still need Writing Secure Code and the Guide 2.0.

After reading the book for a day and a bit now, I don't think new or highly protected apps were its target, nor is new code the target as the text strongly concentrates on sin patterns rather than "goodness" design patterns. The book will help them.

thanks,
Andrew

On 29/07/2005, at 12:02 PM, dinis_webappsec wrote:

Hey, where did you get your copy of the book? :)

I have mine on order from Amazon and it hasn't arrived :(

I have to say that I had a look at the table of contents and was not very impressed, but I will wait until the book is out (and I have it in my hands) to have a quick read before I review it.

Dinis Cruz
.Net Security Consultant
Owasp .Net Project Leader

