Review: Beginning ASP.NET Security

by DanM 2. May 2010 19:00

We all want our websites to be secure. We always think this when we start to write one. And then, after we've implemented some 90% of it, we start to wonder whether or not anything we've written is actually as secure as a very secure vault based on the moon or as secure as the drunk in the pub with informational diarrhoea. And, having decided the latter, we make a hasty attempt to obfuscate our code, prevent injection attacks, maybe encrypt a few things and generally make ourselves feel better about it, not knowing how well we've covered our backs, if at all.

Developing secure applications, be they desktop- or web-based, requires us to do two things:

  • Be aware of potential vulnerabilities in our code.
  • Account for and work to prevent these security issues throughout development.

Now Beginning ASP.NET Security can't make you change your development process, but what it does do with aplomb is bring you up to speed with common potential vulnerabilities to your website, best practices to avoid them and, where applicable, how to keep up to date with new developments.

With sixteen chapters covering basic page-coding, common ASP.NET framework tasks, and finally tasks out in IIS and .NET as a whole, the book is concise, clearly written, and, most importantly, emphasizes that coding securely isn't as hard or as time-consuming as you might otherwise have thought. On the other hand, it will also highlight the number of flaws in your previous sites you didn't even realise were there. You might subtitle this book "Or Why I Learned To Stop Worrying And Get On With Plugging My Security Holes."

As a former stalwart speaker around UK user groups on Security and now newly resident in Seattle working for the MS Information Security team, Barry Dorrans has been passing his security knowledge on to us Brits for ages and it shows. Each chapter is written around an individual security problem you'll most likely need to attend to before releasing your website live. The crux of the problem is described and, where possible / legal, examples given of how it can be exploited, before solutions are given, often as easy-to-reuse code or instructions you can implement in your own projects. To his credit, it's only in the chapter on hashing and encryption where readers may well get bogged down in the theory of it all, but then again, it's the chapter on hashing and encryption so a fair amount of that should be expected and there's perhaps more plain English here than other attempts have managed.

All in all, Beginning ASP.NET Security is a great book to have in your reference library. It's confidence boosting because what security measures you may have put in place before will be verified (or corrected) in its pages and those you didn't know already soon will be in place - another good set of pro-points to put forward to potential clients during that all-important pitch. There are niggles sure but they are slowly being addressed as Barry releases errata notes on his blog.

Final score 8/10 - well worth the money.


Professional Smartphone Programming

by DanM 12. January 2007 22:24

My reviewer’s copies of Professional Smartphone Programming (Wrox, ISBN 978-0-471-76293-5) came through the letterbox today. I took a look at the first draft of this book several months ago and never heard about it again. Skimming through it, I’m really pleased that the finished product has lost much of the broken English and gained much more of the technical information that newcomers to the subject require. Note that the ‘Professional’ in the title is slightly misleading - it references mainly the fact that newcomers to .NET who have just finished their introductory course to programming wouldn’t gain much (or understand much either) but an established .NET programmer new to Smartphone programming could pick this book up and work through it fine. Reviewing a first draft when the authors’ first language is not English is tough; 70% of the time you're flagging issues which are grammatical mistakes but which also affect the facts being taught. Here’s hoping that at least all of the things I flagged were picked up and attended to even if all the spelling mistakes weren’t.


Review: Introducing Vista

by DanM 23. October 2006 16:52

Vista is imminent. We know this. It does not include some of the features initially promised. We know this too. It looks prettier thanks to the new graphics subsystem. Yup. It has a new IP stack rewritten from scratch, new key additions to its default group policy objects, and revamped system backups and restores to name but a few others. Maybe some of this is news?

There’s a lot of brouhaha in the general press about what there is and isn’t in Vista any more. With the release of RC2 though, people’s attentions are being brought back to what it actually does contain and whether it’s worth the upgrade. Enter "Introducing Vista" which, while it was written against a previous version of the O/S, gives you a pretty good and thorough overview of all the features within and where to find them too. Exactly what’s required at this point with volume licensed copies due out before the end of the year.

This guide is well written and pretty clinical with its coverage - there’s not really much discussion of the applications for the new features, for example - but it’s pretty typical of its author, William Stanek. Still, that’s not a bad thing; the book reads like a manual and not a piece of propaganda as it might have done otherwise. And it’s a good book too, covering many features you might not have found otherwise. Given that the target audience for this book is early adopters and system admins trying to get a jump start on business managers with the green flag for actually upgrading operating systems in a business, you could argue that the chapter order of the book should be different, but the book does exactly what it says on the tin. And, because it’s Vista, you know that there’ll be a second edition (or equivalent) put out for the release version of Vista too. A good investment if you actually want to know what’s in this new O/S from Microsoft.


Endings, Brewings, Beginnings

by DanM 4. July 2005 18:55

Well, that about wraps it up for a few things. Wrox’s Beginning ASP.NET 2.0 is a much better book than Beg ASP.NET 1.x even in the draft stage. It’s probably because there was no pressure from Wrox to produce a beta edition of the book. Of course, the text has been written against beta 2 but will be checked against the RTM build before it’s published. All being well, the major changes occurred between beta 1 and beta 2 but you never can tell. With any luck, a big change will just mean that the book is not quite day and date with Whidbey but who can tell the future. What I know is that this is Wrox’s number one priority ASP.NET 2.0 book and even if it doesn’t match the heady sales of Beg ASP 3, it’ll do better than anything I’ve produced since that book. Hurrah.

Also finished some HowTo work for the Channel9 PAG Security wiki. Geez, talk about your switches from beginner text to deep security. Not sure which was more time consuming - understanding the concepts and features within or trying to set up the VPC scenarios to allow me to test / write the code that demonstrates those concepts and features. Still - I am most definitely the newbie in that field. But I can already see applications for dotCoop. Which is good, I think.

O’Reilly got back in touch about the Head First C# sampler that Lou and I did over a year ago now. Still don’t have the passion to write this. Even if the advance covered my living for the six months I’d need to plan and write it, there’s no guarantee of sales and I’d have quit a job I’m reasonably fond of that pays better than a book ever would. If I’m going to write anything book-sized again, it’s definitely going to be something I care enough about to not mind the continuous effort it takes to write. Must have a look at the old unused specs I wrote and see if anything sparks interest...

James Crowley over at Developer Fusion has been gracious enough to reissue some of my book reviews on his site. AdWes has been on at me to write some more and perhaps a couple of author interviews too. There’s also a chance of pushing out the Culture Shock Diaries elsewhere too. More random writing is required.

A First Look At SQL Server 2005 For Developers

by DanM 23. September 2004 22:42

[Originally written for the review column in .NET Developers Journal]

Written by Bob Beauchemin, Niels Berglund, Dan Sullivan

Addison-Wesley, ISBN 0-321-18059-3, $44.99

Databases are at the core of most software projects these days and there is a fair amount of competition between software vendors for a bigger share of a lucrative market. However, it would be fair to say that only DBAs really know what their database servers are capable of, and maybe only half of them really know everything that their software can do. One of the biggest arguments for this First Look At SQL Server 2005 book then is as a prospectus for all the developer-related features and functional nooks and crannies that the next incarnation of SQL Server (codename ‘Yukon’) will contain.

Split over seventeen chapters and two appendices, this very thorough book covers the ins and outs of four main topics - SQL Server as a CLR host, XML, enhancements to the existing features of SQL Server 2000 and notification services - that should be of interest to developers looking forward to a world of Whidbey and Yukon. Topics such as security and XQuery aren't exhaustive - they'd each take up a book on their own - but all the main points within the context of this book are covered. Indeed, with the exception of Chapter 14, which covers a feature since removed from SQL Server 2005 but is well written anyway, each chapter is clean, concise and packed with useful information.

The author team of three have produced a book that at times goes as deep into detail as Don Box’s Essential .NET does while treating ‘lighter’ topics such as Microsoft’s new enhancements to T-SQL in no less detail but in an easier to read style. The main focus of this book is the new opportunities for developers to utilize Yukon, but administrators can also take a lot away from this book, having been made aware of areas that developers may focus on. In all, this is an excellent preview book on developing with SQL Server 2005 in mind and should be kept around until the revised version comes out for the actual release of this new database.
