In this, the final section of the book, let us consider some resources for software developers to learn more about security. Here are six of the best.
Agile Application Security is the book we wish had been there when we first looked for software security advice. It provides a good introduction on software security for application developers, and to agile software development for security experts. It then explores a range of issues in much more detail than we have in this book. Though it assumes that there are security experts available to work with each development team, is easy to read, and contains invaluable practical advice.
This book sets out and achieves to be the definitive guide to threat modelling. Based on the author’s extensive experience at Microsoft, it’s targeted at security experts, and assumes more technical knowledge than many software developers will have; but the writing is approachable to anyone, and this is definitely a book to have on your shelf.
These papers explore the knowledge set out in this book in more detail. While they are not written for software developers, they provide a foundation for the advice in this book.
This book describes a set of ‘anti-patterns’ for software developers. It explores each kind of security flaw, with examples, explanations of why they’re problematic, and references to the security literature around them. This is a book to dip into rather than read, but it’s worth having on your shelf.
Though not specific to software development, this monthly email of links to security-related news stories is one of the most widely-used resources for software developers who want to keep up to date with security issues.
Supported by these, you can have a state-of-the-art knowledge of the best ways to achieve software development security.
May success attend your efforts! And please let us know how you get on, and what might help us improve this work for other readers.