Security Books

There are many good security books available for developers on writing secure code. This page contains links to some of the best titles and to the essential books you should review in order to build truly secure applications.

patterns & practices

Improving Web Application Security: Threats and Countermeasures

This guide gives you a solid foundation for designing, building, and configuring secure ASP.NET Web applications. Whether you have existing applications or are building new ones, you can apply the guidance to help you make sure that your Web applications are hack-resilient.

Security Engineering Explained

To meet your application security objectives, you must integrate security into your application development life cycle. You can do so by including specific security-related activities in your current software engineering processes. These activities include identifying security objectives, applying secure design guidelines, patterns, and principles, creating threat models, conducting architecture and design reviews for security, performing regular code reviews for security, testing for security, and conducting deployment reviews to ensure secure configuration.

Secure Coding Principles and Practices

Secure Coding, by Mark G. Graff and Ken van Wyk, looks at the problem of bad code in a new way. Packed with advice based on the authors' decades of experience in the computer security field, this concise and highly readable book explains why so much code today is filled with vulnerabilities, and tells readers what they must do to avoid writing code that can be exploited by attackers. Beyond the technical, Secure Coding sheds new light on the economic, psychological, and sheer practical reasons why security vulnerabilities are so ubiquitous today.

Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication

This guide presents a practical, scenario-driven approach to designing and building secure ASP.NET applications for Windows 2000 and the Microsoft .NET Framework.

Microsoft Press

Writing Secure Code for Windows Vista

The definitive guide to developing more-secure software applications for Windows Vista.

Writing Secure Code, 2nd Edition

Discover the battle-tested security secrets of two code warriors who have worked in large-scale development and have defeated the world's most determined malicious hackers.

Security for Microsoft Visual Basic .NET

This resource provides best practices, step-by-step code walk-throughs, and concise explanations of key security terms, issues, and jargon to help developers create and run secure code with Visual Basic.

Threat Modeling

In this straightforward and practical guide, Microsoft application security specialists Frank Swiderski and Window Snyder describe the concepts and goals for threat modeling—a structured approach for identifying, evaluating, and mitigating risks to system security.

Security+ Certification Training Kit

Build the skills you will use on the job, as well as on the CompTIA Security+ certification exam, with this all-in-one training kit.

Microsoft Windows Security Resource Kit

Get detailed operations and deployment guidance, along with security tools on CD and the Web, from the Microsoft Windows Security Resource Kit.

More Microsoft Press Books about Security

Secure your vital assets against Internet-based threats with technical guidance and expert advice from Microsoft Press books.


.NET Framework Security

Venture into the world of secure applications using this high-end comprehensive reference on all the new security features available in .NET.

Hacking Exposed

Get insights into the ways systems and software are attacked and compromised, in the series of books called Hacking Exposed.

Security Engineering

Security Engineering is up to date, dense with anecdotes and war stories, and full of pointers to recent research.

Secrets and Lies by Bruce Schneier

Information security expert Bruce Schneier explains what everyone in business needs to know about security in order to survive and be competitive.