Building Secure Software PDF
by John Viega
This book is from 2002. As such, it's a good book for its time, but it's hopelessly outdated for 2014. No TLS 1.2, no discussion of containerization, no actor model for concurrency to avoid race conditions, no bcrypt, no discussion of just using /dev/urandom for randomness...
More to the point, there are some disturbing gaps even in the book itself — for example, it recommends cryptlib for TLS, but cryptlib only supports TLS-PSK, and doesn't do X.509 certificate authentication, so it couldn't do any secure PKI even if you asked it nicely.
The security principles are great, and I think you could write a book on the details of input validation, and on authentication in general, but this isn't that book. Buy something more up to date instead of this.