After being away from things for a week on vacation, I gave a brief talk last night at the Seattle PHP Meetup. While I don't want to recount the talk as a whole, I did recommend several books to the developers attending. Here they are:
- OWASP Guide 2005: ($11.45, lulu.com) This freely redistributable book (you can download a copy for free here) is one of the standards. OWASP is a collaborative web security group and this is their outline for best practices.
- php|architect's Guide to PHP Security ($21.77, Amazon.com) While I don't think this book contains the best writing around, it is a good look at PHP-specific issues. And it includes lots of code examples (code examples are good).
- Secure Coding: Principles and Practices ($26.95, Amazon.com) This book looks at the entire development lifecycle from design to obsolescence from a security framework. There are lots of Secure Development Lifecycle frameworks. I chose this book because it looks more at the principles in general than at applying a specific framework.
- Web Application Hacker's Handbook ($30, Amazon.com) This is a fabulous book. While the other texts deal with how to secure an application, this one will show you how insecure code is actually exploited. I think it's important to understand both sides of code security so that we think about things in terms of actual security rather than just following best practices.