Reference Books: Cryptography and {Network | Web | Computer | Software} Security

    Computer Security and the Internet: Tools and Jewels (P.C. van Oorschot, 2019) is my latest book.
    Here are some other resources, listed by category:

    Software security:

  1. Mark Dowd, John McDonald, Justin Schuh (2007) The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities.
  2. Viega and McGraw, Building Secure Software (Addison-Wesley, 2001).
  3. Howard and LeBlanc, Writing Secure Code, second edition (Microsoft Press, 2002).

    Web security, mobile code security, malicious code:

  4. Michal Zalewski (2011) The Tangled Web: A Guide to Securing Modern Web Applications.
  5. OWASP project online resources.
  6. McGraw and Felten, Securing Java: Getting Down to Business with Mobile Code (Wiley, 1999; 1st edition: Java Security, 1997), free online web edition.
  7. Stein, Web Security: A Step-By-Step Reference Guide (Addison-Wesley, 1998).
  8. Rubin, Geer and Ranum, Web Security Sourcebook: A Complete Guide to Web Security Threats and Solutions (Wiley, 1997).
  9. Rubin, White-Hat Security Arsenal (Addison-Wesley, 2001).

    Firewalls and the Internet:

  10. Zwicky, Cooper, Chapman (2000, second edition) Building Internet Firewalls.
  11. Cheswick and Bellovin, Firewalls and Internet Security, 1/e (Addison-Wesley, 1994; free online for personal use). Second edition with Rubin (Feb. 2003).
  12. Boyle and Panko, Corporate Computer Security, 3/e (2013, Prentice Hall). See also: Panko, Corporate Computer and Network Security, 2/e (2009, Prentice Hall).

    Applied cryptography and network security:

  13. Menezes, van Oorschot and Vanstone, Handbook of Applied Cryptography (CRC Press, 1996; 2001 with corrections), free online for personal use.
  14. Kaufman, Perlman and Speciner, Network Security: Private Communications in a Public World, second edition (Prentice Hall, 2003).
  15. Stallings, Cryptography and Network Security: Principles and Practice, 5/e (Prentice Hall, 2010). Relative to this book's 4th edition, the network security components and an extra chapter on SNMP are also packaged as Stallings' Network Security Essentials: Applications and Standards, 3/e (Prentice Hall, 2007).

    Computer security, operating system security:

  16. Stallings and Brown, Computer Security: Principles and Practice, 3/e (2014, Prentice Hall).
  17. Gollmann, Computer Security, 3/e (2011, Wiley).
  18. Smith, Elementary Information Security (2011, Jones & Bartlett Learning).
  19. Stamp, Information Security: Principles and Practice, 2/e (2011, Wiley).
  20. Goodrich and Tamassia, Introduction to Computer Security (2010, Addison-Wesley).
  21. Saltzer and Kaashoek, Principles of Computer System Design (2009, Morgan Kaufmann). Free online chapters include (pdf) Ch. 11: Information Security.
  22. Trent Jaeger (2008), Operating System Security.
  23. Smith and Marchesini, The Craft of System Security (2007, Addison-Wesley).
  24. Pfleeger and Pfleeger, Security in Computing, 4/e (2007, Prentice Hall).
  25. Bishop, Computer Security: Art and Science (2002, Addison-Wesley). Shorter version which "omits much of the mathematical formalism": Introduction to Computer Security (2005, Addison-Wesley).
  26. Gasser, Building a Secure Computer System (Van Nostrand Reinhold, 1988), free online (pdf). Roger Schell's foreword refers to this as the "first book on the subject" and a "definitive reference".

    Security infrastructures and digital signatures:

  27. Adams and Lloyd, Understanding Public-Key Infrastructure, 2/e (Macmillan Technical, 2002).
  28. Housley and Polk, Planning for PKI: Best Practices Guide for Deploying Public Key Infrastructures (Wiley, 2001).

    Security in real-life systems (including anecdotes):

  29. Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems, 2/e (Wiley, 2008). The first edition (2001) is available free online.
  30. Schneier, Secrets and Lies: Digital Security in a Networked World (Wiley, 2000).

    Miscellaneous resources: