
Security: bleach/reading-matter

Security

A collection of reading matter that would give good background coverage on security. Most relevant to people building or operating systems attached to the Internet.

General security principles

Something written by Bruce Schneier

Most of his general security writing would provide a good introduction to the type of problems being faced currently, some good principles for addressing them and some common anti-patterns to avoid.

These are particularly useful.

Avoid his writing on cryptography until you have the general security background.

You will likely also be interested in his blog, but his general security writing is a better way to get started.

Building secure systems

Security Engineering is a good reference book for those building systems that are likely to be attacked.

It may seem quite long, but it is definitely worth it. It is the most thorough overview that currently exists and will fill in the gaps in your knowledge that you might still have after reading more detailed texts on specialist areas. If you don't have the specialist knowledge yet, it's a great (although demanding) use of your time.

Thinking in Systems, A Primer, Donella Meadows, ISBN: 978-1603580557

This is not specifically about security, but gives you some of the insight into how to think about systems in a way that will help you understand their security.

Cyber War: The Next Threat to National Security and What to Do About It

Focused on policy and various other Government responses. Lots of examples of attacks and details about the blurring between criminals and states.

Cyber War Will Not Take Place

Very policy focused, basically claiming that it's not really war. Again lots of legal details but also interesting examples and arguments.

Inside Cyber Warfare: Mapping the Cyber Underworld

A book basically about the makeup and structure of Russian criminal organisations and what nefarious online crime they get up to. Lots of public details of the type our colleagues won't tell you :)

Threat Modeling: Designing for Security

Useful in the context of thinking about what we're protecting, and having an attacker's mindset.

The Tangled Web: A Guide to Securing Modern Web Applications

Brilliant book on attacking web apps.
