Security engineering is an increasingly important - and increasingly complex - field. What's the best overview you've seen of this field? (Can be blog, book, video etc). Who are some experts worth following on tech Twitter on this topic?
Book mentions in this thread
by Ross Anderson
Market description: · Computer programmers and computer engineers with no security background · Computer Security Professionals · Students · Professors
Special features: · Revision of best-selling first edition, 0471389226, 3/9/01, 24,000 copies sold · Updated with 200 more pages and new coverage of Vista, Xen, phishing, Google issues, declassified military doctrine, Richard Clarke issues, Skype, mobile fraud, music security issues (iTunes, etc.), antitrust issues and more · No other book covers the security of embedded applications (cars, postal meters, vending machines, phones, etc.) · The author is one of the world's foremost authorities on security design for companies like Microsoft, Intel, and VISA; the first edition is considered the seminal work in security design
About the book: The book's contents speak to the audience: working technical professional with no security background. To that end, all examples are for current technologies and applications. Using current, real-world examples the book covers basic Concepts of Security Engineering (including examples of systems and failures). The book is a security design manual for embedded systems, the only one of its kind, thought to be a seminal work and controversial in high-level circles because some security experts think the author is giving the bad guys as many secret algorithms as the good guys but that's what you really have to know if you want to build good security systems.
Agile Application Security
by Laura Bell
As the fastest growing, most commonly adopted development lifecycle, agile software development enables organizations to react quickly to rapidly changing customer requirements and market conditions without heavy capital investment or long delays. But many people in the software industry believe that this finely tuned balance of processes, patterns, and practices is difficult to integrate with traditional security management techniques. With this practical guide, you’ll learn a range of security tools and techniques specifically adapted to integrate with agile development. These practices aim to bridge the divide between these two worlds and bring security confidence and consciousness without compromising innovation, flexibility, and speed.
Alice and Bob Learn Application Security
by Tanya Janca
Learn application security from the very start, with this comprehensive and approachable guide! Alice and Bob Learn Application Security is an accessible and thorough resource for anyone seeking to incorporate, from the beginning of the System Development Life Cycle, best security practices in software development. This book covers all the basic subjects such as threat modeling and security testing, but also dives deep into more complex and advanced topics for securing modern software systems and architectures. Throughout, the book offers analogies, stories of the characters Alice and Bob, real-life examples, technical explanations and diagrams to ensure maximum clarity of the many abstract and complicated subjects.
Topics include: · Secure requirements, design, coding, and deployment · Security Testing (all forms) · Common Pitfalls · Application Security Programs · Securing Modern Applications · Software Developer Security Hygiene
Alice and Bob Learn Application Security is perfect for aspiring application security engineers and practicing software developers, as well as software project managers, penetration testers, and chief information security officers who seek to build or improve their application security programs. Alice and Bob Learn Application Security illustrates all the included concepts with easy-to-understand examples and concrete practical applications, furthering the reader’s ability to grasp and retain the foundational and advanced topics contained within.