Product Description
For the complete beginner, this text has substantial introductory material on formal methods and the three FDTs. This is complemented by guidance on how to develop specifications and implementations using the FDTs. The treatment of the FDTs is deliberately non-mathematical to make the book accessible to a wide readership. The book is illustrated with examples since it is believed that a great deal can be learned from the work of experienced specifiers. The examples can be used to study one FDT or to compare the approaches taken by different FDTs. Although the examples mainly deal with data communications, they illustrate important principles that apply in many other application areas. The examples have been written for readers with little knowledge of data communications. The text is suitable for self-study. It would also be appropriate as a textbook for a practical course on formal methods and languages. The examples in particular would be a source of material for laboratory exercises and projects. An instructor's disk has therefore been prepared as a companion to the book. It contains the ASCII text (less the commentary) of all the complete formal descriptions in the book.Major diagrams that would be useful for teaching are also included on the disk in LATEX or PostScript form as appropriate. ... Read more

Product Description

This book constitutes the refereed proceedings of the 5th International Workshop on System Analysis and Modelling, SAM 2006, held in Kaiserslautern, Germany in May/June 2006.

The 14 revised full papers presented were carefully selected during two rounds of reviewing and improvements for inclusion in the book. The papers are organized in topical sections on language profiles - what was the main focus of this SAM workshop - evolution of development languages, model-driven development, and language implementation.

Product Description
Meets the urgent need for a comprehensive introduction to the Specification and Description Language (SDL) in its most current version. Features a comprehensive treatment of the language, enabling the reader to read and write SDL specifications. Paper. ... Read more

Customer Reviews (6)

Excellent introduction to SDL using examples
Anyone looking for a comprehensive introduction to SDL will benefit from this book. More advanced users should perhaps create models in SDL tool or reference many available papers and case studies that use SDL to better understand and learn the language. One cannot become an expert in modeling language by reading books alone, although this book will provide a quick start leaving it up to the reader to advance their skills through practice

SDL is a viable Object Oriented language, and it's heavy adoption in telecommunication, especially wireless systems, is enough testament to is continued success. As a domain-specific modeling language for protocol-intensive systems SDL continue to overshadow the rival, non-domain modeling languages.

SDL, with its Platform Independent notation also supports the true spirit of Driven Architecture (MDA)

Comments from author of alternative
I am the author of a more recent book on SDL (92-96-2000): "SDL Illustrated - Visually design executable models".

"SDL: Formal Object-Oriented Language for Communicating Systems" contains some interesting parts, but they are complexified by examples in textual SDL (everybody uses the graphical SDL form provided by tools). Also, the book lacks a bit of homogeneity (the 3 authors should have collaborated more).

Apart my book, a better book is "Systems Engineering Using SDL-92" by Rick Reed and al, but it seems to be out of print.

Therefore, of course, my book is the best available.

Where's the beef?
As does SDL itself, this book tries to be too many things to too many people, and ends up being woefully shallow.

It would better have separated "object-oriented" concepts from the SDL language itself, instead of interleaving the two in a tangle of tedious examples, missing details and a basically useless reference index.

It might also have addressed the pitfalls of SDL and how they are treated in 'the real world', i.e., by patching in "C".

As it is, it conveys the concept that SDL is useful for building academic models using a nifty block diagram editor.I could have gleaned this from the Telelogic sales brochure, thus saving myself 40 bucks or so.

Former SDL instructor reviews the green book
I used to work for Telelogic. One of my duties was teaching SDL classes. I taught the Intro SDL class and the SDL CAdvanced Code generation class.

I am totally thumbs down on this book. It's on the level of one of those horrid unreadable academic books your professor sticks you with during your undergrad years. Only a guy with PhD could ever love a book like this. I'm sorry, but researchers just can't write books unless the last name is Tannenbaum.

The book is so bad, I was almost ashamed of distributing it during class. I tried reading through it, but I gave up once I got halfway through. IMHO, the Telelogic Intro SDL class is far more understandable. Unfortunately, there is no book I can recommend that would do justice to the merits of SDL. A lot of people just say you should read the ITU-T Z.100 SDL language standard. Eck.

If you just have a general interest in SDL, ask Telelogic for a 3-way handshake demo. The actual demo lasts 30 minutes. Alternatively, you can ask me directly if I have anything available in my SDL documentation projects. BTW, I no longer work for Telelogic. As of this writing, I'm working for Cadence Design Systems.

Not so hot.
The blurb on the back of this book states that it "meets the urgentneed for a comprehensive introduction to SDL...".Unfortunately, itstops at providing an introduction to SDL and for readers wishing to godeeper (anyone specifying or developing software with SDL, for instance)will quickly be frustrated by the superficial treatment which the subjectmatter is dealt with.

Two stars - because it did at least provide anintroduction. ... Read more

Product Description

This book constitutes the refereed proceedings of the 14th International SDL Forum, SDL 2009, held in Bochum, Germany, in September 2009.

The 15 revised full papers presented were carefully reviewed and selected for inclusion in the book. The papers are organized in topical sections on model-driven development, analysis and assessment, evolution of development languages, language implementation and support, and application studies.

Product Description
The software industry has been struggling with how to create and release software that is more security-enhanced and reliable— the Security Development Lifecycle (SDL) provides a methodology that works. Adapted from Microsoft’s standard development process, SDL is a critical way to help reduce the number of security defects in code at every stage of the development process, from design to release. In addition to a brief history of the methodology, this book details each stage of the SDL methodology and discusses its implementation across a range of Microsoft software, including Microsoft® Windows Server™ 2003, Microsoft SQL Server™ 2000 Service Pack 3, and Microsoft Exchange Server 2003 Service Pack 1, to help measurably improve security features. Coauthored by Michael Howard and Steve Lipner, you get direct access to insights from Microsoft’s security team and lessons that are repeatable and applicable to software development processes worldwide, whether on a small-scale or large-scale. This book includes a CD featuring videos of developer training classes. ... Read more

Customer Reviews (4)

Glad to read Microsoft's contribution to the process of developing secure code
I read six books on software security recently, namely "Writing Secure Code, 2nd Ed" by Michael Howard and David LeBlanc; "19 Deadly Sins of Software Security" by Michael Howard, David LeBlanc, and John Viega; "Software Security" by Gary McGraw; "The Security Development Lifecycle" by Michael Howard and Steve Lipner; "High-Assurance Design" by Cliff Berg; and "Security Patterns" by Markus Schumacher, et al. Each book takes a different approach to the software security problem, although the first two focus on coding bugs and flaws; the second two examine development processes; and the last two discuss practices or patterns for improved design and implementation. My favorite of the six is Gary McGraw's, thanks to his clear thinking and logical analysis. The other five are still noteworthy books. All six will contribute to the production of more security software.

"Security Development Lifecycle" (SDL) is unique because in many ways it exposes the guts of Microsoft's product development process.I cannot recall seeing another technical company share so much of its internal procedures with the public.One of the most interesting aspects of SDL is the attention paid to security after a product is shipped.No one at Microsoft breathes a sigh of relief when boxes appear on store shelves.Instead, Microsoft explains how it conducts security response planning in ch 15 and security response execution in ch 17.(Between the two is ch 16 -- only 3/4 of a page!Why bother?)

Although I liked SDL overall (enough to justify 4 stars), I thought it suffered three major problems.First, I don't think the audience was defined properly.p xviii mentions "managers" as the primary target, along with architects and designers.Specifically, "this is not a book for developers."Yet, ch 12 ("Secure Testing Policies") is definitely for programmers. A manager probably not going to know what a "null pointer dereference" is; at the very least that is not a subject that should be discussed in a book for managers.

Second, I think SDL suffers a little too much overlap with the earlier Microsoft book "Writing Secure Code, 2nd Ed."WSC2E addressed writing documentation, security testing ,and obviously secure coding in much the same language as repeated in SDL.Sometimes repetition is justified, but perhaps those subjects appeared in WSC2E for a reason and did not belong in a book for managers.

Third, and most importantly, Microsoft continues its pattern of misusing terms like "threat" that started with "Threat Modeling" and WSC2E.SDL demonstrates some movement on the part of the book's authors towards more acceptable usage, however.Material previously discussed in a "Threat Modeling" chapter in WSC2E now appears in a chapter called "Risk Analysis" (ch 9) -- but within the chapter, the terms are mostly still corrupted.Many times Microsoft misuses the term risk too.For example, p 94 says "The Security Risk Assessment is used to determine the system's level of vulnerability to attack."If you're making that decision, it's a vulnerability assessment; when you incorporate threat and asset value calculations with vulnerabilities, that's true risk assessment.

The authors try to deflect what I expect was criticism of their term misuse in previous books.On p 102 they say "The meaning of the word threat is much debated.In this book, a threat is defined as an attacker's objective."The problem with this definition is that it exposes the problems with their terminology.The authors make me cringe when I read phrases like "threats to the system ranked by risk" (p 103) or "spoofing threats risk ranking."On p 104, they are really talking about vulnerabilities when they write "All threats are uncovered through the analysis process."The one time they do use threat properly, it shows their definition is nonsensical: "consider the insider-threat scenario -- should your product protect against attackers who work for your company?"If you recognize that a threat is a party with the capabilities and intentions to exploit a vulnerability in an asset, then Microsoft is describing insiders appropriately -- but not as "an attacker's objective."

Don't get me wrong -- there's a lot to like about SDL.I gave the book four stars, and I think it would be good to read it.I fear, though, that this is another book distributed to Microsoft developers and managers riddled with sometimes confusing or outright wrong ways to think about security.This produces lasting problems that degrade the community's ability to discuss and solve software security problems.I also question the implication that SDL is great and everything else doesn't produce verified security improvements.I can understand denigrating Linux, but is Microsoft afraid to acknowledge the security record of an OS like OpenBSD?

The Chip Leader shows his strategy
This book is a wonderful glimpse behind the curtain at one of the most advanced software development firms in the world.Renowned for hiring the best and the brightest, this book shows how they learned to do development in a smarter and more efficient manner.Some people may consider a SDL to be overkill, but the evidence presented is clear; if you want an efficient, effective process for meeting customer requirements, one must consider and address security.And this book is the how-to companion to the other great titles associated with Microsoft and secure coding.Whereas Writing Secure Code, Second Edition, focuses on technical detail, this book focuses on the process that enables developer to achieve the technical details.

This book is the project manager's guide to how it should be done.How to set up your development processes so that better developers can contribute in an effective fashion towards making better software.For some, there are no new secrets revealed in this book, but I know of no other source with all this information together in one place.And it comes with a bonus - the material has been tested and proven at the world's largest developer group.And in this case, bigger is not easier, but much harder - decentralized bureaucracies and business unit independence aside, it works at Microsoft, and as it gets further embedded into their processes and systems, the future for this methodology looks better and better.

Thank you Mike Howard and Steve Lipner for finishing the story.First we learn what to do (Writing Secure Code), now you let us know how to get it done (The Security Development Lifecycle).This may not be the perfect book, but then, I've yet to see that one.This book does advance the management side of the state-of-the-art light years forward, into the current century.This book is the textbook for the process side of software engineering in my classes, and I look forward to future editions and more details from behind the curtain.

Managerial View of the Microsoft Approach to Security
As is well known, Microsoft software has been known in the past for producing software that had numerous problems in the security area. It finally became so obvious that the company was forced to make a major change in emphasis regarding the security holes in their products.

Microsoft is, of course, a huge software development organization. To move the organization into writing more secure code it was necessary to develop plans, procedures, classes for managers and programmer and the like to implement writing more secure code. The resulting effort is called the Security Development Lifecycle (SDL).

The results of implementing SDL are summarized in the Introduction to the book. Here are two newspaper headlines quoted there:

Gartner Recommends Against Microsoft IIS (eWeek, 2001)
We actually consider Microsoft to be leading the software industry now in improvements in their security development life cycle (CRN 2006)

This book is aimed at the people managing and defining software projects. It does not contain very many specific code examples that would appeal to the developer. This is not to say that developers shouldn't read it, but that it is not a detailed techie document.

The CD that comes with the book includes several documents that extend the concepts talked about in the book and a six part security class video conducted by the authors.

One note of caution. This book is on the Microsoft approach to security. It's what they are doing. It works for them. But there are also other approaches such as that being implemented by organizations such as the US Government.

Good, but not great
I have been very impressed with other offerings from the Microsoft professional series and was excited when this book was released. This is not a technical book like "Writing Secure Code" and "Code Complete" but a book aimed at managers responsible for software projects. My opinion is not based on real world experience of large software projects, but on academic projects smaller in scale than those of Microsoft.

The introductory material is weak, part 1 which explores the reasoning and history behind the SLD seemed to be stretched needlessly, repeating the same information multiple times. Chapter 4 which provides the management impact of the SDL lacks focus, and does not justify the need (ROI) for the SDL.

Part 2 goes though each step of the SDL in detail. Overall, this section is more polished and for the most part does a good job of covering each domain in detail.While this book is focused on managerial and operational activities, there are times where it awkwardly delves into specific technical details. Chapter 10 (Documents, Tools, Practices for customers) and chapter 15 (Response planning) are strong chapters which most everyone can lean from.

Part 3 is a series of reference materials. Chapter 20 (Crypto) and 21 (Compiler Options) are good guidelines to compare your organizations own practices against.

Strengths:
+ Talks about a real methodology being used at MS everyday
+ Excellent references, cites many foundation papers
+ Gives the reasoning behind many decisions in development in SDL
+ Good discussion of threat trees
+ Managerial focused chapters are well thought out and complete

Weaknesses:
- Technical information is MS focused
- Might be acronym heavy for non-technical/security managers
- Does not reference other secure development processes, such as IATF section 3
- Does not reference NIST 800 series for risk analysis

What I would like to see:
*Expanded Chapter 5 (Education and Awareness), giving more information on the curriculum of security classes offered.

*Better balance between the technical and managerial aspects of the SDL. This book would be stellar either with more technical information (platform independent) or by focusing the book more on managerial aspects of the SDL.

*The actual SDL documents being used at MS

Overall, this is a good book, I would recommend it.However I do think a second edition would help this book immensely. ... Read more

Product Description
Das Buch gibt eine Einführung in die Spezifikationssprachen Estelle, LOTOS und SDL. Die Sprachen sind Standardsprachen der ISO (Estelle, LOTOS) und des CCITT (SDL) zur Spezifikation von Diensten und Protokollen in Kommunikationssystemen. Insbesondere im Zusammenhang mit der Idee und den Konzepten von OSI (Open Systems Interconnection) gewinnen die drei Sprachen zunehmend an Bedeutung - innerhalb und außerhalb der Normung. Das Buch stellt die drei Sprachen weitgehend anhand von durchgängigen Beispielen vor, bei denen es sich um Dienste und Protokolle handelt, die den OSI-Konzepten folgen. Das Besondere an dem Buch ist, daß durch die Verwendung identischer Beispiele die drei Sprachen direkt miteinander vergleichbar werden. Obwohl Estelle, LOTOS und SDL formale Sprachen sind, wird weitgehend auf Formalismen verzichtet, so daß die Darstellung allgemein und leicht verständlich ist. Das Buch bildet daher ein sehr nützliches Komplement zu den offiziellen Dokumenten und Sprachbeschreibungen der ISO und des CCITT. Das Ziel des Buches ist, dem Leser einen Einblick in die drei Sprachen zu geben und als leicht verständliches und kompaktes Nachschlagewerk in der täglichen Arbeit zu dienen. ... Read more

Product Description
Programming .NET Web Services is a comprehensive tutorial that teaches you the skills needed to develop web services hosted on the .NET platform.Written for experienced programmers, this book takes you beyond the obvious functionality of ASP.NET or Visual Studio .NET. It provides a solid foundation in the building blocks of web services, and leads you step-by-step through the process of creating your own.Beginning with a close look at the underlying technologies, Programming .NET Web Services discusses the unique features of the .NET Framework that make creating web services easier, including the Common Language Runtime (CLR) and the namespaces used in .NET programming.Filled with numerous code examples using the C# language, the book leads you through some of the more challenging issues of web services development, including the use of proxies, marshalling of complex data types, state management, security, performance tuning and cross-platform implementation.For those interested in building industrial-strength web services, Programming .NET Web Services is full of practical information and good old-fashioned advice. ... Read more

Customer Reviews (10)

Still worth reading even a couple of versions later
This book covers the .NET web service framework very well.Even though it was written in 2002 I still recommend it for its thoroughness and utility.It was very well thought out and covers the important points of interest in a level of detail that is both practical and thorough.

Out of date
The book is now 7+ years out of date.There's enough of a difference with Visual Studio 2008 to void some of the examples.I learned all I needed in the first 3 chapters, and still skipped a bunch.I didn't see a second edition offered, which would be useful.

Excellent
The book, explains the concept of Web Services, of, forms clear and deep.
-------------------------------------------------------------------------
El libro, explica el concepto de Web Services, de, forma clara y profunda.

Awesome book
I am reading this book after looking at some other WebService books, and this one is climbing the charts.
All the chapters are very thorough and I am quite surprised that not many people have discovered this gem.
Grab a copy and read it, and you will become a confident and knowledgeable web services developer.

Programming .NET Web Services
I like this book. It's very useful for a web developer. ... Read more

Product Description
In Programming ASP.NET, Jesse Liberty and Dan Hurwitz teach you everything you need to know to write web applications and web service applications using both C# and Visual Basic .NET.With a detailed tutorial on Web Forms, it allows you to apply Rapid Application Development techniques (including drag-and-drop control placement) to web development. This book includes extensive coverage of each type of server control, including web server controls, HTML server controls, and custom controls.Programming ASP.NET also offers extensive coverage of data access issues, including topics such as using ASP.NET's list-bound controls; accessing data using the ADO.NET object model, and updating data with or without transaction support.Programming ASP.NET then goes on to discuss such advanced topics as caching and performance, security, and configuration and deployment. The ASP.NET technologies are so complete and flexible; your main difficulty may lie simply in weaving the pieces together for maximum efficiency. Programming ASP.NET shows you how to do just that.Amazon.com Review
Suitable for most any programmer who wants to master ASP.NET with an eye toward real-world development, Programming ASP.NET is an excellent resource that mixes good coverage of APIs with actual programming techniques and advice using Visual Basic .NET and C#. The combination places it in the forefront of currently available titles on ASP.NET.

Written in part by veteran computer author Jesse Liberty, this book offers an excellent mix of coverage of important ASP.NET features that you will absolutely need to use for real-world programming. Readers with previous ASP experience will appreciate early sections that compare an older ASP sample with the new ASP.NET to highlight what's new and improved, with good explanation of the ASP.NET event model. The pace of this book is just excellent. The authors first move through the essentials, like basic ASP Web controls and data binding, before delving into data-driven applications using the (slightly complicated) ASP.NET database APIs. It also helps that the authors let you use Notepad (or another text editor) to create your ASP.NET programs first. (Later, they cover the details of Visual Studio .NET, pointing out how this tool can sometimes make it difficult to see where your code is generated.) There's also coverage of debugging and tracing techniques.

Standout sections on the calendar, Repeater, DataList, and DataGrid controls (all presented in good detail) will help you master these important controls. Coverage of techniques and support for validating user input in Web pages will also help you use these essential features.

The author's well-measured tutorial on Web services (much touted by Microsoft) is as good as any. Their demos (using a well-traveled example of a stock ticker server) will show you what all the fuss is about. They cut through the hype here and manage to show why Web services are a potentially better way toward distributed computing. Later sections look at deployment, configuration, and performance (as well as caching) options that you'll need to deploy and run your ASP.NET programs successfully. Coverage of security options in .NET rounds out the tour of what you'll need to create real applications.

Illustrated throughout with samples from VB .NET and C#, Programming ASP.NET is a worthy addition to the O'Reilly lineup and one of the best available titles for learning ASP.NET. The authors have achieved an excellent balance of practical, hands-on examples and essential programming techniques with the most important APIs and features, all without getting bogged down in the richness and complexity of .NET itself. --Richard Dragan

Topics covered: Introduction to the .NET platform and ASP.NET; basic programs in HTML; ASP and ASP.NET compared; events in ASP.NET (application, session, page, and control events); HTML and ASP controls compared; basic ASP controls APIs (including in-depth coverage of calendar support); code behind forms; using the Visual Studio .NET IDE; tracing, debugging, and error handling; validation controls in ASP.NET (including built-in and custom validators, plus regular expression support); basic data-binding techniques; list and DataGrid controls; ADO.NET tutorial (basic APIs and programming techniques); calling stored procedures; updating database records; Repeater and DataList controls used with ADO.NET; custom ASP.NET controls (including derived, composite, and full custom controls); overview of Web services (including SOAP, WSDL, and other standards); creating and consuming a sample Web service for a stock ticker; ASP.NET caching techniques explained (including fragment and object caching); security options in ASP.NET for authentication, authorization, and impersonation; configuration and deployment options in ASP.NET (including XCOPY deployment); and an appendix with a quick tutorial on database design. ... Read more

Customer Reviews (84)

Good books with detail information
I am new to ASP.NET and this book is good start with all the details required by a starter.

NO SOURCE CODE SUPPORT
Good Content, 3rd Edition lacks Example Source Code on his website (Only 2nd Edition and new ASP.NET 3.5 is available).

If you want to learn ASP.NET 2.0 using this book seriously you probably need to do lots of typing.

Illustrations and pictures are not that straightforward, you need to imagine a lot before getting your hands dirty in VS 2005.

Great Reference and Learning Title
Just as any good large technical book should do, this gives a pretty good reference of all the basic controls and how to perform basic operations.This is also it's only fault, as it spends a lot of time on the simple controls, and not enough time on the more complex concepts.

It's good for reference though, as it does contain a good amount of content to do most anything in ASP.This title is good for the beginner ASP as it covers simple to complex tasks fairly thoroughly.After you've absorbed most of this book, you might find yourself looking for more, and I've mostly found Google useful to add-in the pieces missing from this book.Overall I recommend this for any ASP guru who needs a refresher every now and then.

Subpar Liberty book
I am a big fan of Jesse Liberty books and rate him as one of the best and more experienced tech writers around, but this book is definitely not up to his excellent standard. To be more precise, the book starts out very well, with and introduction to the basic control of ASP.NET illustrated by many clear examples, and the only complaint I have about the first part of the book is that I would have loved to see the two chapters that he devote to webapp structure and configuration right at the start of the book. I think it would have given a clear picture of what one is doing with all those pages and controls and why things are the way they are. The second part of the book is where I was expecting to find more complete and advanced examples on how to build and configure a "real - life " web application, but here is where the book fails miserably. The chapters on ADO can be defined as confusing at best, and the remaining chapters are either a sequence of instructions fitter more to a "build a website visually for dummies" title, or missing crucial information. I have been also very annoyed by the organization of the example code. Every, and I say every example is in the format of a single website, and to make things worse these websites are not organized by chapter number but just by name.
It really looks like the kind of book a smart and experienced tech author could write after studying the documentation throughly but having no real experience with the subject in practice. I think I understand why.. even I find myself more interested in the foundations of a technology on language structure and on general CS subjects than in the structure of the Nth API or Framwork, but still I don't go about writing books on them!
So, a somewhat decent book, especially considering the low general quality standard of ASP books, but nothing to be enthusiastic about.

Clearing up misconceptions
This book is a C# book.The reviews here, along with Amazon's own review, are referring to one of the previous editions where VB.NET code samples were included.

When deciding to buy this book, or not, be wary of the reviews that were posted before the publication date.I can see that this situation has already caused others some grief. ... Read more