Here are 100 books that Software Security fans have personally recommended if you like Software Security.
Shepherd is a community of 12,000+ authors and super readers sharing their favorite books with the world.
As a kid, I used to do all the math problems in my textbooks just for fun, even if they weren’t part of a homework assignment. My grandchildren cringe when I tell them this. I am a researcher and educator in secure software engineering and have enjoyed a productive career in software development and management, software engineering and software security research, and software and secure software engineering education.
This book is a “how-to” guide for teams developing secure software. Written by a team of experts, it covers the important issues in developing software that is better able to prevent successful attacks. The book contains many references, a strategy, and an implementation guide with cross-references. For each topic, the maturity of practice at the time of writing is provided, as well as an indication of the audience.
"This book's broad overview can help an organization choose a set of processes, policies, and techniques that are appropriate for its security maturity, risk tolerance, and development style. This book will help you understand how to incorporate practical security techniques into all phases of the development lifecycle."
-Steve Riley, senior security strategist, Microsoft Corporation
"There are books written on some of the topics addressed in this book, and there are other books on secure systems engineering. Few address the entire life cycle with a comprehensive overview and discussion of emerging trends and topics as well as this one."
The title says it all. This is probably one of the first, if not the first book on secure coding, by a pioneer in the field. Robert worked tirelessly to make this happen. Although the book has been superseded by the secure coding standards that evolved from it, it is still a good read and contains a lot of useful information for developers.
Learn the Root Causes of Software Vulnerabilities and How to Avoid Them
Commonly exploited software vulnerabilities are usually caused by avoidable software defects. Having analyzed tens of thousands of vulnerability reports since 1988, CERT has determined that a relatively small number of root causes account for most of the vulnerabilities.
Secure Coding in C and C++, Second Edition, identifies and explains these root causes and shows the steps that can be taken to prevent exploitation. Moreover, this book encourages programmers to adopt security best practices and to develop a security mindset that can help protect software from tomorrow's attacks, not…
This is one of the first books resulting from the Microsoft security “push,” and it’s a classic. It’s of interest both in understanding how Microsoft went about tackling the problem of developing secure software, and as a backdrop for the evolution of secure software development practices that emerged at Microsoft and other major software vendors.
Your customers demand and deserve better security and privacy in their software. This book is the first to detail a rigorous, proven methodology that measurably minimizes security bugs: the Security Development Lifecycle (SDL). In this long-awaited book, security experts Michael Howard and Steve Lipner from the Microsoft Security Engineering Team guide you through each stage of the SDL, from education and design to testing and post-release. You get their first-hand insights, best practices, a practical history of the SDL, and lessons to help you implement the SDL in any development organization.
Discover how to:
Use a streamlined risk-analysis process to find security…
Although strictly speaking, this book is not on software security, it is so well-known in the field as a general reference that it deserves to be on this list. It discusses the important issues of computer security and can be used as either a textbook or a reference. No doubt that many, if not most, students of computer security are familiar with this book.
Today, everyone recognizes the importance of safeguarding computer systems and networks from vulnerability, attack, and compromise. But computer security is neither an easy art nor a simple science: its methodologies and technologies require rigorous study, and a deep grounding in principles that can be applied even as technologies change. Moreover, practitioners must understand how to align concepts with real policies, and then actually implement those policies -- managing inevitable tradeoffs such as "How secure do our devices really need to be, and how much inconvenience can we accept?"
In his extensively updated Computer Security: Art and Science, 2nd Edition, University…
Being able to understand and change reality through our knowledge and skill is literal magic. We’re building systems with so many exciting and unexpected properties that can be exploited and repurposed for both good and evil. I want to keep some of that magic and help people engineer – build great systems that make people’s lives better. I’ve been securing (and breaking) systems, from operating rooms to spaceships, from banks to self-driving cars for over 25 years. The biggest lesson I’ve learned is that if security is not infused from the start, we’re forced to rely on what ought to be our last lines of defense. This list helps you infuse security into your systems.
Loren’s been contributing to security for over 40 years, and this book captures his hard-won wisdom in a way that’s both humble and accessible. It scales from principles and design approaches to in-depth explanations of exactly how things go wrong and how to avoid those problems. (Also, I was honored to write the foreword.)
Designing Secure Software consolidates Loren Kohnfelder's more than twenty years of experience into a concise, elegant guide to improving the security of technology products. Written for a wide range of software professionals, it emphasizes building security into software design early and involving the entire team in the process. The book begins with a discussion of core concepts. The second part, perhaps this book's most important contribution, covers the process of designing and reviewing a software design with security considerations in mind. The final section details the most common coding flaws that create vulnerabilities, making copious use of code snippets written…
I’ve been playing with computers and electronics since childhood. I even supported the people in my village with their computer issues back then. During my studies in electrical engineering, I learned how to solve technical challenges with structured approaches. At this time, I became fascinated by topics like cryptography and embedded system security. The books on this list helped me understand important concepts and practical real-world obstacles. I hope they are also of value to you!
When I take this book off my shelf, the probability that I find the answer I'm looking for is very high. Yes, it's a big book, and I'm pretty sure I haven't read every single page yet, but because of its broad coverage of security engineering knowledge, from crypto to real-world processes, it is an invaluable reference for teaching and practical cyber security.
Now that there's software in everything, how can you make anything secure? Understand how to engineer dependable systems with this newly updated classic
In Security Engineering: A Guide to Building Dependable Distributed Systems, Third Edition Cambridge University professor Ross Anderson updates his classic textbook and teaches readers how to design, implement, and test systems to withstand both error and attack.
This book became a best-seller in 2001 and helped establish the discipline of security engineering. By the second edition in 2008, underground dark markets had let the bad guys specialize and scale up; attacks were increasingly on users rather than…
This book captures lessons from many authors at Google, some of whom I’ve worked with over the years. The chapters on availability (7, 8, 9) were a revelation to me. I had no idea how Google approaches the topic of resilience and recovery in their systems, and I now think of the whole topic very differently. The biggest takeaway is how to think about the design of systems.
Can a system be considered truly reliable if it isn't fundamentally secure? Or can it be considered secure if it's unreliable? Security is crucial to the design and operation of scalable systems in production, as it plays an important part in product quality, performance, and availability. In this book, experts from Google share best practices to help your organization design scalable and reliable systems that are fundamentally secure.
Two previous O'Reilly books from Google, Site Reliability Engineering and The Site Reliability Workbook, demonstrated how and why a commitment to the entire service lifecycle enables organizations to successfully build, deploy, monitor, and maintain…
I became enthused about using mathematical models to understand the natural world as an undergraduate, got trained to do so, and spent my career working on a wide variety of applications. Most recently, I translated ideas from disease modeling to understand cyber variability and security.
To maximize success when applying mathematics to the natural or (for cyber) operational world, one needs to master the appropriate mathematical tools and have a deep knowledge of the subject matter. My recommendations are three really great books that will help you gain proficiency in the needed mathematical tools and how to apply them, and two equally great books on cyber systems.
This is a classic! I have had (and worn through copies) since 1969.
There is no explicit mention of disease in Maynard Smith’s book, but the two chapters on population regulation will give you all the tools you need to start applying ideas from disease biology.
As with the Feynman lectures, there is mathematics in this book – but it begins with arithmetic. I recommend it for much the same reason that I recommend Feynman because it will show you how mathematical reasoning can illuminate biology and was written by one of the great mathematical biologists of the 20th century.
The book is written for biologists and has the same quality as Feynman’s lectures of having plenty of words that bring the mathematics to life.
This is a lucid introduction to some of the mathematical ideas which are useful to biologists. Professor Maynard Smith introduces the reader to the ways in which biological problems can be expressed mathematically, and shows how the mathematical equations which arise in biological work can be solved. Each chapter has a number of examples which present further points of biological and mathematical interest. Professor Maynard Smith's book is written for all biologists, from undergraduate level upwards, who need mathematical tools. Only an elementary knowledge of mathematics is assumed. Since there are already a number of books dealing with statistics…
This is a short (about 100 pages) and relatively new (2020) book showing how mathematical modeling of the dynamics of populations can be used to give new insights to the classic experiments by the scientist Georgy Gause on predation by one kind of single-celled organism called Didinium on another single-celled organism Paramecium (which may sound familiar from high school biology), where the populations are the numbers of the two species and to the outcomes of classical military battles like Trafalgar, where the populations are the sizes of the forces of each side.
McCue’s book is very well written and most of it is accessible with relatively simple mathematics. It will also show you how we can include the randomness that is inherent to nature (and to all operational situations) in models.
McCue is a top flight operations analyst; as with Feynman and Maynard Smith, reading this book – even…
F.W. Lanchester famously reduced the mutual erosion of attrition warfare to simple mathematical form, resulting in his famous "Square Law," and also the "Linear Law." Followers have sought to fit real-world data to Lanchester's equations, and/or to elaborate them in order to capture more aspects of reality. In Beyond Lanchester, Brian McCue--author of the similarly quantitative U-Boats In The Bay Of Biscay--focusses on a neglected shortcoming of Lanchester's work: its determinism. He shows that the mathematics of the Square Law contain instability, so that the end-state it predicts is actually one of the least likely outcomes. This mathematical truth is connected to…
I have been an information technology and cybersecurity professional for over two decades. I’ve learned over and over again that “people are the weakest link.” You can build the most secure system in the world, with stringent password requirements. But if the user writes their password down and leaves it where someone else can see it, system security is irrelevant! The easiest way to gain access to a system is via “social engineering” – to trick a human being into giving you the access you need, rather than trying to hack the system itself. The books on this list will help the reader lower their chances of being exploited like this.
Cybersecurity is Everybody’s Business is a great book that focuses not only on the how to keep your data safe, but on the very critical why this is important. Author Scott Schober suffered a grievous cyberattack in a previous business, and he brings his experience to the forefront in this guide. Joined by his brother as co-author, they focus on cybersecurity for the home and small business – environments that are unlikely to employ full-time cybersecurity professionals. (That’s why these places are often targets for the bad guys!)
Since publication of his first book, HACKED AGAIN, Scott Schober has dedicated himself to educating anyone who would listen by telling his own story of being hacked in the hope that others can learn from his own mistakes. Now joined by his brother Craig, the two have set their sights on the biggest target of all, small businesses.
There are 30 million small businesses currently operating in the United States. Some of them are single owner/operated while others collectively employ hundreds of millions. This book is for all of them and anyone who makes it their business to stay safe…