Further Reading on Creating Secure Software
(Many of the books below are also available in the CERN Bookshop.)
Must-see Documents and Web Sites
- SANS top 25 most dangerous programming errors
  It is not only a list of programming errors, but also ways of avoiding them.
- OWASP Top Ten
  The Open Web Application Security Project list of top ten web application security flaws. In fact, the list applies to (almost) any kind of software, not only web applications.
- Top 10 Secure Coding Practices
- SANS Web Application Checklist
Books on Software Security
- Writing Secure Code
  Michael Howard, David LeBlanc (Microsoft Press 2002)
  A good book on different aspects of producing secure software, interesting also for Unix/Linux platform developers.
- Secure Coding: Principles & Practices (see also here)
  Mark G. Graff, Kenneth R. van Wyk (O'Reilly 2003)
  Excerpt: Chapter 1: No Straight Thing
- Security Engineering
  Ross Anderson (Wiley 2003)
  The whole contents of the book are available for free download.
- Building Secure Software
  John Viega, Gary McGraw (Addison Wesley 2001)
  This book is relatively old, but it is not obsolete, as it is more academic than technical.
  Publisher's information: Building Secure Software cuts to the heart of computer security to help students get security right the first time. Bugs in software are a serious problem and students must learn to take that into consideration early on in the software development lifecycle. Building Secure Software provides expert perspectives and techniques to help you ensure the security of essential software. If students learn to consider threats and vulnerabilities early in the development cycle they can build security into the system. With this book students will learn how to determine an acceptable level of risk, develop security tests, and plug security holes before software is even shipped.
  Excerpt: Chapter 1: Introduction to software security
- Practical Unix & Internet Security
  Simson Garfinkel, Gene Spafford, Alan Schwartz (3rd Edition by O'Reilly 2003)
  Excerpts: Chapter 16: Secure Programming Techniques (part 1), (part 2), (part 3), (part 4)
Books on Cryptography
- Applied Cryptography: Protocols, Algorithms, and Source Code in C
  Bruce Schneier (2nd Edition by Wiley 1996)
  A famous book on cryptography: explanations of algorithms and protocols, implementation advice etc.
- Practical Cryptography
  Niels Ferguson, Bruce Schneier (Wiley 2003)
  An update on cryptography.
- Modern Cryptography: Theory and Practice
  Wenbo Mao (Prentice Hall PTR 2003)
  Find here an independent (and enthusiastic) review of the book.
Other Books
- The Art of Deception
  Kevin D. Mitnick (Wiley 2002)
  A fascinating book on social engineering by a famous hacker.
- Security Warrior
  Cyrus Peikari, Anton Chuvakin (O'Reilly 2004)
  Probably more for system administrators, this book is still interesting for software developers.