http://dwheeler.com/secure-programs/Secure-Programs-HOWTO.html

----- Forwarded message from Aleph One  -----

Approved-By: aleph1@DFW.NET
X-Sender: aleph1@dfw.nationwide.net
Date: 	Tue, 21 Jul 1998 13:47:31 -0500
Reply-To: Aleph One 
From: Aleph One 
Subject:      Summary: Secure Programming References
To: BUGTRAQ@NETSPACE.ORG

This is a summary of secure programming references. Thanks to the folks
that contributed.

http://www.sun.com/sunworldonline/swol-04-1998/swol-04-unixsecurity.html
http://www.sun.com/sunworldonline/swol-04-1998/swol-04-security.html
http://www.homeport.org/~adam/review.html
http://olympus.cs.ucdavis.edu/~bishop/secprog.html
http://www.research.att.com/~smb/talks/odds.[ps|pdf]
http://www.pobox.com/~kragen/security-holes.txt

Chapter 22 in "Practical UNIX & Internet Security" is called "Writing
Secure SUID and Network Programs".

"Writing Solid Code", published by Microsoft Press (I forget the
author).  The book actually focuses on writing bug-free software, and
not on security issues, but there's definitely a large overlap there.

Take the SANS course on security programming taught by Matt Bishop. It
is very highly rated by those that have attended. The next SANS is in
October down in Orlando. See www.sans.org
1:30 - 5:30 pm - 'Writing Secure Programs'

Thanks to:

Tom Hall 
Marko Milivojevic 
Wilson Roberto Afonso 
Joseph Pung 
Doug Hughes 
Kragen 
Steven M. Bellovin 

Aleph One / aleph1@dfw.net
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01

----- End forwarded message -----