17.6 For More Information

A great number of books on developing software securely are available. Perhaps one of the best is:

  • Writing Secure Code, Second Edition, by Michael Howard and David C. LeBlanc (Microsoft Press)

For a concise treatise on the 19 most common security errors software developers make, check out:

  • 19 Deadly Sins of Software Security, by Michael Howard, David LeBlanc, and John Viega (McGraw-Hill)

Security testing is a far different beast from any other form of testing. An excellent resource is:

  • How to Break Software Security, by James A. Whittaker and Herbert H. Thompson (Addison-Wesley)

Geared more toward the C/C++ coder, this work does a great job of laying out general concepts and includes a good discussion on social engineering:

  • Secure Coding: Principles and Practices, by Mark G. Graff and Kenneth R. van Wyk (O’Reilly)

A cookbook-style resource critical for any developer to have on his bookshelf (and have read!) is:

  • The .NET Developer’s Guide to Windows Security, by Keith Brown (Addison-Wesley)

Tip

The entire contents of Brown’s book are available online as a Wiki at http://www.pluralsight.com/wiki/default.aspx/Keith.GuideBook.Home-Page. We encourage you to read through the Wiki content and then go buy the book if you find it useful. Support the folks who made it freely available and searchable on the Web!

Many great security resources are available online. CERT’s Coordination Center is a gold mine of information about security vulnerability reports, best practices, and ...
