Secure Application Development

Events


The OWASP Belux chapter is holding a chapter meeting on development life cycles on March 4th at 6 PM on the Computer Science campus of Katholieke Universiteit Leuven. Faculty members Ken van Wyk and Bart De Win will be giving a talk.

The OWASP AppSec Europe 2008 conference will be held in Brussels from May 20th-23rd.


Web sites


The Open Web Application Security Project runs a web site with a wealth of invaluable information on web application security.

The Build Security In portal is sponsored by the U.S. Dept. of Homeland Security. The two principal contributing organizations are Carnegie-Mellon University and Cigital. Secappdev faculty member Ken van Wyk is a main contributor to this site.


Recommended reading


Security Engineering: A Guide to Building Dependable Distributed Systems by Ross Anderson is a classic. Its scope reaches well beyond computer security, covering fields as diverse as security printing and e-policy and teasing out the parallels between them. Attackers, of course, are not constrained by the boundaries of a discipline, so anyone involved in secure system design can benefit from this work. The book is freely available online.

Secrets and Lies: Security in a Networked World by Bruce Schneier provides an excellent and accessible overview of concepts and issues.

Software Security: Building Security In by Gary McGraw is a good introduction to building secure software.

Writing Secure Code by Michael Howard and David LeBlanc is the book that emerged from Microsoft's security push and reveals some of the insights gathered.

Secure Coding: Principles and Practices by Mark G. Graff and Kenneth R. van Wyk explains how to address security concerns throughout the software development life cycle.

Handbook of Applied Cryptography by Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone contains all a developer may wish to know about cryptography. It is unlikely that anyone will read it from cover to cover. However, it is excellent as a reference. It is also available for download.

The Code Book: The Secret History of Codes and Codebreaking by Simon Singh is a lively, popular account of the history of cryptology. The book provides valuable insight into the subject without the formulae.


Mailing lists


The discussion on the Secure Coding list is of a high calibre.


Tools


There is a separate web page on tools.


Administrivia


secappdev.org is a non-profit organization, registered in Belgium as a VZW/ASBL.