Re: [SC-L] Secure Coding Books

2008-03-07 Thread Neil Daswani 
Hi David,

There is a list of software security / secure coding books at:

http://www.sans-ssi.org/references.php

Gary McGraw has a blog post in which some of these references are
chronologically ordered at:

http://www.cigital.com/justiceleague/2007/04/23/software-security-now-2006-shows-impressive-growth/

If you're interested in secure coding for web applications, there is
also a list at:

http://www.webappsec.org/web_security_books.shtml

In the interest of disclosure, my own contribution
(http://tinyurl.com/33xs6g) which was published last year, is listed
on these pages as well.  I hope that some of the links above can help
you find what you need.

Sincerely,

Neil Daswani, PhD
http://www.neildaswani.com

My book, Foundations of Security: What Every Programmer Needs To
Know is available at http://tinyurl.com/33xs6g


On Fri, Mar 7, 2008 at 5:45 AM, Lawson, David L [EMAIL PROTECTED] wrote:
 I've read several secure coding books in the past, and was wondering if
  anyone has recommendations for secure coding books (preferably from the
  last year or two).

  Thanks,

  David Lawson
  ___
  Secure Coding mailing list (SC-L) SC-L@securecoding.org
  List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
  List charter available at - http://www.securecoding.org/list/charter.php
  SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
  as a free, non-commercial service to the software security community.
  ___




--
___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
___

Re: [SC-L] Foundations of Security: What Every Programmer Needs to Know

2007-04-10 Thread Neil Daswani 

For those of you that might be potentially interested in the book, following
are some pointers to where you can get more information about it:

* The preface and Vint Cerf's foreword for the book are available under the
Book Extras section at:

http://www.apress.com/book/bookDisplay.html?bID=10225

* An excerpt from Chapter 3 of the book (on Secure Design Principles) is
available at:

http://www.developer.com/java/data/article.php/3667601

* If you are an instructor or an IT professional responsible for training, I
have provided slides and source code that you are free to use for your own
courses and needs at the book's web site (http://www.learnsecurity.com/ntk)
free of charge.  If you might be potentially interested in using the book in
classes or buying copies for your organization, I would be more than happy
to have the publisher provide you with a free evaluation copy of the book--
just send me a quick email with your contact information.

Please feel free to let me know if you have any questions or feedback, and I
look forward to continue helping disseminate knowledge about secure coding
practices.

Sincerely,

Neil Daswani, PhD
http://www.neildaswani.com/
___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
___