Reference Books: Cryptography and {Network | Web | Computer} Security

    Applied cryptography and network security:

  1. Stallings, Cryptography and Network Security: Principles and Practice, 5/e (Prentice Hall, 2010). Relative to this book's 4th edition, the network security components and an extra chapter on SNMP are also packaged as Stallings' Network Security Essentials: Applications and Standards, 3/e (Prentice Hall, 2007).
  2. Kaufman, Perlman and Speciner, Network Security: Private Communications in a Public World, second edition (Prentice Hall, 2003).
  3. Menezes, van Oorschot and Vanstone, Handbook of Applied Cryptography (CRC Press, 1996; 2001 with corrections), free online for personal use.

    Computer security, operating system security:

  4. Boyle and Panko, Corporate Computer Security, 3/e (2013, Prentice Hall). See also: Panko, Corporate Computer and Network Security, 2/e (2009, Prentice Hall).
  5. Gollmann, Computer Security, 3/e (2011, Wiley).
  6. Smith, Elementary Information Security (2011, Jones & Bartlett Learning).
  7. Stallings and Brown, Computer Security: Principles and Practice, 2/e (2011, Prentice Hall).
  8. Stamp, Information Security: Principles and Practice, 2/e (2011, Wiley).
  9. Goodrich and Tamassia, Introduction to Computer Security (2010, Addison-Wesley).
  10. Saltzer and Kaashoek, Principles of Computer System Design (2009, Morgan Kaufmann). Free online chapters include (pdf) Ch.11: Information Security.
  11. Smith and Marchesini, The Craft of System Security (2007, Addison-Wesley).
  12. Pfleeger and Pfleeger, Security in Computing, 4/e (2007, Prentice Hall).
  13. Bishop, Computer Security: Art and Science (2002, Addison-Wesley). Shorter version which "omits much of the mathematical formalism": Introduction to Computer Security (2005, Addison-Wesley).

    Software security:

  14. Viega and McGraw, Building Secure Software (Addison-Wesley, 2001).
  15. Howard and LeBlanc, Writing Secure Code, second edition (Microsoft Press, 2002).

    Web security, mobile code security, malicious code:

  16. OWASP project online resources.
  17. McGraw and Felton, Securing Java: Getting Down to Business with Mobile Code (Wiley, 1999; 1st edition: Java Security, 1997), free online web edition.
  18. Stein, Web Security: A Step-By-Step Reference Guide (Addison-Wesley, 1998).
  19. Rubin, Geer and Ranum, Web Security Sourcebook: A Complete Guide to Web Security Threats and Solutions (Wiley, 1997).
  20. Rubin, White-Hat Security Arsenal (Addison-Wesley, 2001).

    Firewalls and more:

  21. Cheswick and Bellovin, Firewalls and Internet Security, 1/e (Addison-Wesley, 1994; free online for personal use). Second edition with Rubin (Feb. 2003).

    Security infrastructures and digital signatures:

  22. Adams and Lloyd, Understanding Public-Key Infrastructure, 2/e (Macmillan Technical, 2002).
  23. Housley and Polk, Planning for PKI: Best Practices Guide for Deploying Public Key Infrastructures (Wiley, 2001).

    Security in the real-life systems (including anecdotes):

  24. Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems, 2/e (Wiley, 2008). The first edition (2001) is available free online.
  25. Schneier, Secrets and Lies: Digital Security in a Networked World (Wiley, 2000).
Miscellaneous resources: