RE: Web Security Books URL's

Mr. Grossman,

>-----Original Message-----
>From: Jeremiah Grossman [mailto:jeremiah@xxxxxxxxxxxxxxx] 
>
>Every so often someone asks what books are available for web 
[...]
>Web Security Books:
>http://www.webappsec.org/web_security_books.shtml

Nice! I have a little list I've been adding to reports or emailing out to
developers for a few years, but this is much more comprehensive, and
will make a nice professional link to provide.

There are a few other items you might consider adding:

Improving Web Application Security - Threats and Countermeasures
 
You can buy this book or download the PDF for free from the link below:

http://www.microsoft.com/downloads/details.aspx?FamilyId=E9C4BFAA-AF88-4AA5-88D4-0DEA898C31B9&displayl
ang=en


Security Engineering: A Guide to Building Dependable Distributed Systems by 
Ross Anderson

It is not a "webappsec" book but should be required reading for software 
designers.
It was one of the best system security books in 2001 and I haven't found a 
better
book on secure system design since.

Building Secure Software by John Viega and Gary McGraw

Writing Secure Code, Second Edition by Michael Howard and David LeBlanc,

The Shellcoder's Handbook: multiple authors

The Database Hacker's Handbook (obviously directly related to "web app 
security"),  multiple authors


-ae