Books on some part of application lifecycle security
SALSA: Scalable & Agile Lifecycle Security for Applications
Books
Fuzzing

There are two books that focus entirely on fuzzing. Both are interesting and useful, regardless of which tools you wind up using, open source or commercial.

Agile Software Development
If you're interested in scalable and sustainable lifecycle security for the applications you build, you'll enjoy this book. No matter what methodology your organization uses to build software, you'll get something useful from this book.

SDL
The Security Development Lifecycle includes an excellent discussion of Attack Surface Analysis, as well as some insight into how Microsoft sought to improve their development processes. If you're interested in SALSA, you're probably interested in learning more about how Microsoft came up with SDL. The really fascinating thing is that they clearly used "agile" techniques to develop the SDL methodology.

Static Analysis
Secure Programming with Static Analysis is the bible for this stuff. There are lots of other resources available, too, but if you like to learn from books, this is a great place to start on this subject.

Here are a few books that have useful bits relevant to application lifecycle security. We don't agree with everything in all of these books, but each of them has something useful. We'll try to point you to the most interesting and useful bits in each.
Please note:
There are philosophical differences about placing ads on project pages like this. We've decided that some books are better than others. We're going to recommend the good ones. If you click through the ads on these pages to buy your books, you'll be supporting further evolution of the SALSA approach to application security. If you don't like ads in a militant sort of way, use an ad blocker. -- The Management