Which are good books on application security for developers?
Here're some of the good books for developers:
- Code Complete, Second Edition by Steve McConnell
- Programming .NET Security by Adam Freeman
- Writing Secure Code, Second Edition by Michael Howard
- Threat Modeling, by Frank Swiderski, Window Snyder
- Secure Coding: Principles and Practices by Mark G. Graff, Kenneth R. Van Wyk
- Building Secure Software: How to Avoid Security Problems the Right Way by John Viega
- Java Security (2nd Edition) by Scott Oaks - This book is from 2001, so quite dated. We haven't seen a good, updated Java security book though.
- Essential PHP Security by Chris Shiflett