Reference Books: Cryptography and {Network | Web | Computer} Security

    Applied cryptography and network security:

  1. Stallings, Cryptography and Network Security: Principles and Practice, 5/e (Prentice Hall, 2010). Relative to this book's 4th edition, the network security components and an extra chapter on SNMP are also packaged as Stallings' Network Security Essentials: Applications and Standards, 3/e (Prentice Hall, 2007).
  2. Kaufman, Perlman and Speciner, Network Security: Private Communications in a Public World, second edition (Prentice Hall, 2003).
  3. Menezes, Van Oorschot and Vanstone, Handbook of Applied Cryptography (CRC Press, 1996; 2001 with corrections), free online for personal use.

    Computer security, operating system security:

  4. Boyle and Panko, Corporate Computer Security (3/e, 2013, Prentice Hall). See also: Panko, Corporate Computer and Network Security (2/e, 2009, Prentice Hall).
  5. Stallings and Brown, Computer Security: Principles and Practice, 2/e (Prentice Hall, 2011).
  6. Goodrich and Tamassia, Introduction to Computer Security (Addison-Wesley, 2010).
  7. Pfleeger and Pfleeger, Security in Computing, 4/e (Prentice Hall, 2007).
  8. Gollmann, Computer Security, 2/e (Wiley, 2006).
  9. Bishop, Computer Security: Art and Science (Addison-Wesley, 2002). Shorter version which "omits much of the mathematical formalism": Introduction to Computer Security (Addison-Wesley, 2005).

    Software security:

  10. Viega and McGraw, Building Secure Software (Addison-Wesley, 2001).
  11. Howard and LeBlanc, Writing Secure Code, second edition (Microsoft Press, 2002).

    Web security, mobile code security, malicious code:

  12. OWASP project online resources.
  13. McGraw and Felten, Securing Java: Getting Down to Business with Mobile Code (Wiley, 1999; 1st edition: Java Security, 1997), free online web edition.
  14. Stein, Web Security: A Step-By-Step Reference Guide (Addison-Wesley, 1998).
  15. Rubin, Geer and Ranum, Web Security Sourcebook: A Complete Guide to Web Security Threats and Solutions (Wiley, 1997).
  16. Rubin, White-Hat Security Arsenal (Addison-Wesley, 2001).

    Firewalls and more:

  17. Cheswick and Bellovin, Firewalls and Internet Security, first edition (Addison-Wesley, 1994); free online for personal use. Second edition with Rubin (Feb. 2003).

    Security infrastructures and digital signatures:

  18. Adams and Lloyd, Understanding Public-Key Infrastructure, second edition (Macmillan Technical, 2002).
  19. Housley and Polk, Planning for PKI: Best Practices Guide for Deploying Public Key Infrastructures (Wiley, 2001).

    Security in real-life systems (including anecdotes):

  20. Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems, 2/e (Wiley, 2008). The first edition (2001) is available free online.
  21. Schneier, Secrets and Lies: Digital Security in a Networked World (Wiley, 2000).

Susan Landau's book review of 10 cryptography books (plus background introduction).
Bull. Amer. Math. Soc. 41 (2004), pp. 357-367. Copyright 2004, American Mathematical Society.

The protection of information in computer systems. J.H. Saltzer, M.D. Schroeder. Proceedings of the IEEE 63(9):1278-1308 (Sept. 1975). DOI: 10.1109/PROC.1975.9939. Here is a web version.

DoD Orange Book (1985) and other seminal papers in computer security (thanks to: UC Davis/Matt Bishop).

Educational comic strips teaching about password guessing attacks (thanks to Leah Zhang at Carleton).