
Where do programmers learn about this stuff? Is it taught at schools? Can anyone recommend good books on proper security procedures?



For web security, I'd recommend checking out this question on Stack Overflow: http://stackoverflow.com/questions/72394/what-should-a-devel...

Also the OWASP top ten vulnerabilities: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Proje...


A great place to start is "Applied Cryptography" by Bruce Schneier.

http://www.schneier.com/book-applied.html

Edit: Note, this really barely scratches the surface for building secure software. AC says how to apply cryptographic primitives correctly. It won't teach you how to avoid vulnerabilities specific to particular application domains (like CSS, SQL injection, etc.).


That book is old, and though still basically correct, there are much better ways to learn about the practice of developing secure systems. I recommend "Cryptography Engineering" by Ferguson, Schneier, and Kohno, which is a more modern descendant of Schneier's AC.


Looks like I need to update my bookshelf. Thanks for the recommendation.


Being a programmer means committing yourself to a life of continued education. Building a secure authentication system? Time to read up on the subject. You don't have to go far before you learn about the vulnerability of MD5 hashes for password storage.


A good start can be made by following the work of Ross Anderson and having a read of his book.

http://www.cl.cam.ac.uk/~rja14/

http://www.cl.cam.ac.uk/~rja14/book.html


Websites like this are great. Just look at what other learned people here are saying about cryptography.



