Secure Application Development
Archive 2007
Events
Johan Peeters, the secappdev.org program director, participates in the Data News debate on security in 2007 "New threats, better weapons" on March 21st 2007 at Infosecurity.be.
The secappdev.org affiliate ISSA-BE organizes an evening event on code review at the CyberTrust offices in Leuven on Wednesday, March 7th 2007.
HD Moore, author of the Metasploit framework, and secappdev.org faculty member, is speaking at the seventh Free and Open source Software Developers' European Meeting (FOSDEM). Like the previous editions, FOSDEM 2007 takes place during the last weekend of February at the Université Libre de Bruxelles Solbosch campus.
Web sites
The Open Web Application Security Project runs a web site with a wealth of invaluable information on web application security.
The Build Security In portal is sponsored by the U.S. Dept. of Homeland Security. The two principal contributing organizations are Carnegie-Mellon University and Cigital. Secappdev faculty member Ken van Wyk is a main contributor to this site.
Recommended reading
Security Engineering: A Guide to Building Dependable Distributed Systems by Ross Anderson is a classic. Its scope is well beyond computer security, covering fields as diverse as security printing and e-policy, teasing out parallels between the respective fields. Of course, attackers are not constrained by the boundaries of a discipline. Anyone involved in secure system design can benefit from this work. The book is freely available online.
Secrets and Lies: Security in a Networked World by Bruce Schneier provides an excellent and accessible overview of concepts and issues.
Build Security In by Gary McGraw is a good introduction to building secure software.
Writing Secure Code by Michael Howard and David LeBlanc is the book that emerged from Microsoft's security push and reveals some of the insights gathered.
Secure Coding: Principles and Practices by Mark G. Graff and Kenneth R. Van Wyk explains how to address security concerns throughout the software development life cycle.
Handbook of Applied Cryptography by Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone contains all a developer may wish to know about cryptography. It is unlikely that anyone will read it from cover to cover. However, it is excellent as a reference. It is also available for download.
The Code Book: the Secret History of Codes and Codebreaking by Simon Singh is a lively, popular account of the history of cryptology. The book provides valuable insight into the subject without the formulae.
Mailing lists
The discussion on the Secure Coding list is of a high calibre.
Tools
There is a separate web page on tools.
Administrativia
secappdev.org is a not-for-profit organization, registered in Belgium as a VZW/ASBL.