Re: [SC-L] Secure Coding Books

2008-03-12 Thread Bennett, Jason
Hi All,

With all the questions about what are good books, are there any views on
actually implementing the principles, i.e. using them on real programmes to
drive security improvement? In particular, the contrast between existing
programmes and new programmes?

___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
___


Re: [SC-L] Secure Coding Books

2008-03-08 Thread Sebastien Deleersnyder
There is a list on 
http://www.owasp.org/index.php/Education_Module_Good_WebAppSec_Resources

I am currently reading Secure Programming with Static Analysis, which I
like.

Regards

Seba

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Jim Manico
Sent: Friday 7 March 2008 16:40
To: Lawson, David L
Cc: sc-l@securecoding.org
Subject: Re: [SC-L] Secure Coding Books

How to break web software is one of the best web security coder-centric
books I have read. It's concise and useful.

Sent from my iPhone

On Mar 7, 2008, at 7:45 AM, Lawson, David L  
[EMAIL PROTECTED] wrote:

 I've read several secure coding books in the past, and was wondering if
 anyone has recommendations for secure coding books (preferably from the
 last year or two).

 Thanks,

 David Lawson


Re: [SC-L] Secure Coding Books

2008-03-07 Thread Jim Manico
How to break web software is one of the best web security coder-centric
books I have read. It's concise and useful.

Sent from my iPhone

On Mar 7, 2008, at 7:45 AM, Lawson, David L  
[EMAIL PROTECTED] wrote:

 I've read several secure coding books in the past, and was wondering if
 anyone has recommendations for secure coding books (preferably from the
 last year or two).

 Thanks,

 David Lawson


Re: [SC-L] Secure Coding Books

2008-03-07 Thread Goertzel, Karen [USA]
Do you really mean secure coding only, or are you looking for books on 
secure software development more generally?

--
Karen Mercedes Goertzel, CISSP
Booz Allen Hamilton
703.902.6981
[EMAIL PROTECTED]




-Original Message-
From: [EMAIL PROTECTED] on behalf of Lawson, David L
Sent: Fri 07-Mar-08 08:45
To: sc-l@securecoding.org
Subject: [SC-L] Secure Coding Books
 
I've read several secure coding books in the past, and was wondering if
anyone has recommendations for secure coding books (preferably from the
last year or two).

Thanks,

David Lawson


Re: [SC-L] Secure Coding Books

2008-03-07 Thread Neil Daswani
Hi David,

There is a list of software security / secure coding books at:

http://www.sans-ssi.org/references.php

Gary McGraw has a blog post in which some of these references are
chronologically ordered at:

http://www.cigital.com/justiceleague/2007/04/23/software-security-now-2006-shows-impressive-growth/

If you're interested in secure coding for web applications, there is
also a list at:

http://www.webappsec.org/web_security_books.shtml

In the interest of disclosure, my own contribution
(http://tinyurl.com/33xs6g) which was published last year, is listed
on these pages as well.  I hope that some of the links above can help
you find what you need.

Sincerely,

Neil Daswani, PhD
http://www.neildaswani.com

My book, Foundations of Security: What Every Programmer Needs To
Know is available at http://tinyurl.com/33xs6g


On Fri, Mar 7, 2008 at 5:45 AM, Lawson, David L [EMAIL PROTECTED] wrote:
 I've read several secure coding books in the past, and was wondering if
  anyone has recommendations for secure coding books (preferably from the
  last year or two).

  Thanks,

  David Lawson


Re: [SC-L] Secure Coding Books

2008-03-07 Thread Robert C. Seacord

David,

I like Secure Coding in C and C++  
(http://www.cert.org/books/secure-coding/)

The guy who wrote it is a bit of a jerk, but it has a lot of good
technical information.

Another book I like is The Art of Software Security Assessment
http://www.amazon.com/gp/product/032126?ie=UTF8tag=taossa-20linkCode=as2camp=1789creative=9325creativeASIN=032126
(http://taossa.com/).

rCs

 I've read several secure coding books in the past, and was wondering if
 anyone has recommendations for secure coding books (preferably from the
 last year or two).

 Thanks,

 David Lawson


-- 
Robert C. Seacord
Senior Vulnerability Analyst
CERT/CC 

Work: 412-268-7608
FAX: 412-268-6989



Re: [SC-L] Secure Coding Books

2008-03-07 Thread Dean H. Saxe
I'd check out Security: What Every Programmer Needs to Know by  
Daswani, Kern and Kesavan.  I haven't read it cover to cover yet, but  
it seems to cover the topics in a nice amount of detail.


-dhs

Dean H. Saxe, CISSP, CEH
[EMAIL PROTECTED]
Great spirits have often encountered violent opposition from weak  
minds.

--Einstein


On Mar 7, 2008, at 8:45 AM, Lawson, David L wrote:

I've read several secure coding books in the past, and was wondering if
anyone has recommendations for secure coding books (preferably from the
last year or two).

Thanks,

David Lawson