

How do you program securely? - panjaro

I'm a sole developer in a non-IT company. I use C# for programming and AWS. I'm responsible for everything here. How would I be able to stay secure? How should I start in order to program securely? Any good books?
======
USNetizen
Start here for some reading material:
[https://github.com/paragonie/awesome-appsec](https://github.com/paragonie/awesome-appsec)

Get to know the static analysis tools out there, check out OWASP (for web
apps), and learn threat modeling. Application security isn't a one-time thing,
it's something that is constantly evolving and changing. Learn the processes,
then go into the details from there into your chosen technology stack. I've
also read this book, which is good but doesn't go very deep with the
technical stuff:
[http://www.amazon.com/Enterprise-Software-Security-Disciplin...](http://www.amazon.com/Enterprise-Software-Security-Disciplines-Addison-Wesley-ebook/dp/B00QFI5S94)

Application security isn't just about programming either. It entails elements
of risk management, architecture security, configuration management and many
other disciplines to be performed effectively.

------
getdavidhiggins
A personal favorite of mine is this book "Fuzzing: Brute Force Vulnerability
Discovery", by Michael Sutton

[http://amazon.decenturl.com/fuzzing](http://amazon.decenturl.com/fuzzing)

Best looking at how hackers are getting in, as well as programming
defensively. Tobias Klein's "A Bug Hunter's Diary" is a good read too:

[http://amazon.decenturl.com/bug-hunter](http://amazon.decenturl.com/bug-hunter)

~~~
panjaro
Published in 2007 & 2011. Are there updated editions?

~~~
getdavidhiggins
There's a more recent book out titled "The 7 Qualities of Highly Secure
Software" (2012)
[http://amazon.decenturl.com/secure-software](http://amazon.decenturl.com/secure-software)
Worth a read.

There's also "Threat Modeling: Designing for Security"
[http://amazon.decenturl.com/threat-modeling](http://amazon.decenturl.com/threat-modeling)
(2014)

------
zzzcpan
Learn threat modeling first. It will change the way you think about programs.

