  • [StallingsBrown] Computer Security: Principles and Practice (3rd Edition) by William Stallings and Lawrie Brown, Publisher: Prentice Hall, 2014. http://www.amazon.com/Computer-Security-Principles-Practice-3rd/dp/0133773922

    A close substitution for the above book is:

  • [Stallings13] William Stallings, Cryptography and Network Security, 6th Edition, Prentice Hall, 2013. (This book provides comprehensive, academic textbook-style writing on the subject, including detailed technical descriptions of the algorithms and protocols. A bit too terse as an overview; better serves as a technical reference. Earlier editions of this book would still be useful.)

  • [Skoudis] Counter Hack Reloaded: A Step-by-step Guide to Computer Attacks and Effective Defenses (2nd Edition) by Ed Skoudis and Tom Liston. Publisher: Prentice Hall, 2005.

  • [GoodrichTamassia11] Introduction to Computer Security by Michael Goodrich and Roberto Tamassia, Published by Pearson Higher Education, 2011. https://www.amazon.com/Introduction-Computer-Security-Michael-Goodrich/dp/0321512944

    It offers an up-to-date, comprehensive introduction to the non-crypto aspects of computer/system security.

  • [PaarPelzl10] Understanding Cryptography: A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl, Published by Springer, 2010.

    Full text available as an ebook via the CUHK library. An excellent introductory text for cryptography; well balanced between mathematical rigor and engineering intuition for many modern practical crypto algorithms.

  • [Stuttard11] The Web Application Hacker’s Handbook - Discovering and Exploiting Security Flaws, 2nd Edition by Dafydd Stuttard and Marcus Pinto, Published by Wiley, 2011.

  • [Kaufman02] Charlie Kaufman, Radia Perlman, Mike Speciner, Network Security, 2nd Edition, Published by Prentice Hall, 2002. (The authors are all well-known designers/architects of key security protocols/systems widely deployed in practice. The book provides excellent insights on the technical details and rationale behind the design of the protocols/algorithms. The technical depth may overwhelm casual, non-technical readers though.)

Additional References

  • [Anderson08] Ross Anderson, “Security Engineering, 2nd Edition” Wiley, 2008.
  • [Mel] Cryptography Decrypted by H.X.Mel and Doris M.Baker. Publisher: Addison Wesley, 2000.
  • [Menezes96] Alfred J. Menezes, Paul C. Van Oorschot, Scott A. Vanstone, “Handbook of Applied Cryptography”, CRC Press, 1996. A precise, mathematical-oriented reference. The entire manuscript can be freely downloaded for personal use from https://cacr.uwaterloo.ca/hac/
  • [Schneier96] Bruce Schneier, Applied Cryptography, 2nd Edition, Wiley, 1996. (A classical must-read for people who are serious in working in the area of cryptography.)
  • [Northcutt05] Stephen Northcutt et al., Inside Network Perimeter Security, 2nd Edition, New Riders, 2005. (Provides excellent intermediate/advanced treatment of technologies and network planning issues including VPNs, firewalls and intrusion detection; a must-read for someone who wants to design/set up a secure network perimeter.)
  • [McClure09] Stuart McClure, Joel Scambray and George Kurtz, Hacking Exposed, 6th Edition, McGraw-Hill Osborne, 2009. (One of the books in the best-selling “Hacking Exposed” series. A must-read for those who want to understand the nuts and bolts of the latest vulnerabilities and exploits of real-world systems and networks.)
  • [Garfinkel02] Simson Garfinkel, Gene Spafford, Web Security, Privacy and Commerce, 2nd Edition, O’Reilly, 2002. (Easy-to-read, informative and up-to-date discussion of the subject captioned. One of its strengths is its coverage of the security-related services and products available in the real world.)
  • [Viega02] John Viega and Gary McGraw, Building Secure Software, Addison Wesley, 2002. (A must-read for software developers/system architects who want to build secure software.)
  • [Cheswick03] William R. Cheswick, Steven M. Bellovin and Aviel D. Rubin, Firewalls and Internet Security, 2nd Edition, Addison Wesley, 2003. (Intended for an intermediate/advanced audience. Provides informative and interesting technical details.)
  • [Liska03] Allan Liska, The Practice of Network Security, Prentice Hall, 2003. (A down-to-earth, good collection of practical networking/ protocol security pitfalls and configuration strategies.)
  • [Stein98] Lincoln D. Stein, Web Security, Addison Wesley, 1998. (Written by the author of the WWW FAQ. A good, easy-to-read introduction to practical web security problems. Includes the nuts and bolts of real-life vulnerabilities and exploits. Very informative, but a bit outdated.)
  • [Rubin01] Aviel D. Rubin, White-Hat Security Arsenal, Addison Wesley, 2001. (Written in a problem-solving style to discuss solutions for various security-related tasks faced by an enterprise. Intermediate/advanced level.)
  • [Stallings11] William Stallings, Cryptography and Network Security, 5th Edition, Prentice Hall, 2011. (Provides comprehensive, academic textbook-style writing on the subject, including detailed technical descriptions of the algorithms and protocols. A bit too terse as an overview; better serves as a technical reference.)
  • [Burnett01] Steve Burnett and Stephen Paine, RSA Security’s Official Guide to Cryptography, RSA Press, 2001. (Provides high-level descriptions of cryptography basics without getting into the technical details/mathematics.)
  • [Grimes01] Roger A. Grimes, Malicious Mobile Code, O’Reilly Press, 2001. (Detailed coverage of hostile mobile code for Windows-based systems.)
  • [Anonymous03] Anonymous, Maximum Security, 4th Edition, SAMS, 2003. (A collection of chapters written by different authors, covering a wide range of practical network/system security issues)
  • [Pfleeger06] Charles P. Pfleeger and Shari Lawrence Pfleeger, Security in Computing, 4th Edition, Prentice Hall, 2006. (Describing security issues from a computing perspective.)
  • [O’Neill03] Mark O’Neill, et al., Web Services Security, Wiley, 2003. (Provides an overview on the issues and enabling technologies for secure Web Services.)
  • [Eastlake03] Donald E. Eastlake III and Kitty Niles, Security XML, Addison Wesley, 2003 (provides details about security features in XML).
  • [Mitnick02] Kevin D. Mitnick and William L. Simon, The Art of Deception, Wiley, 2002. (Kevin Mitnick was a high-profile convicted hacker. The book provides first-hand insights on how “social engineering” is used to achieve security breaches of all types.)
  • [Ferguson03] Niels Ferguson and Bruce Schneier, Practical Cryptography, Wiley, 2003. (A sequel to the classic by Bruce Schneier. It provides key insights on the design and implementation of real world secured systems.)
  • [Schneier04] Bruce Schneier, Secrets and Lies - Digital Security in a Networked World, Wiley, 2004. (An essay-style writing providing reflections on social, political and other not-so-technical aspects of security, privacy issues.)
  • [Ford01] Warwick Ford and Michael S. Baum, Secure Electronic Commerce, 2nd Edition, Prentice Hall, 2001. (Very readable introduction to protocols and systems designed for securing electronic commerce.)
  • [Peikari03] Cyrus Peikari and Seth Fogie, Wireless Maximum Security, SAMS, 2003. (Focuses on practical vulnerabilities and exploits for 802.11 Wireless LAN systems.)
  • [Heiderich11] Mario Heiderich et al., Web Application Obfuscation, Syngress Press, 2011.
  • [Clarke09] Justin Clarke, SQL Injection - Attacks and Defense, Syngress Press, 2009.
  • [Smith07] Sean Smith and John Marchesini, The Craft of System Security, Addison Wesley, 2007.
  • [Rescorla01] Eric Rescorla, SSL and TLS, Addison Wesley, 2001. (Provides an authoritative treatment of the detailed technical design of the captioned protocols.)
  • [Barman01] Scott Barman, Writing Information Security Policies, New Riders, 2001. (A good introduction about writing security policies.)

Additional References Pointers by Topic

Intrusion Detection Systems

Forensic Analysis

Novel Attack

Web Application Security/Cross-Site scripting (intro)

Attack Patterns

General FAQs and Security Related Resources

Cryptography

Authentication Protocols Design, Mistakes and Lessons Learned

Network and System Security

Buffer Overflow Attacks and Defenses

Heap Overflow Attacks

String Formatting Attacks

IPSec

Wireless LAN Security

GSM Security

Web Services

Apache Web Server Digest-based Authentication

Lecture Notes Acknowledgments

The lecture notes used in this course have incorporated and/or adapted materials from the following sources:

The contribution and copyrights of the original authors are hereby acknowledged and recognized.

  • Kurose and Ross, “Computer Networking – a top down approach featuring the Internet, 2nd Edition, Chapter 7”
  • William Stallings, “Cryptography and Network Security, 3rd Edition”
  • Simson Garfinkel, Gene Spafford, “Web Security, Privacy and Commerce, 2nd Edition”
  • Charlie Kaufman, Radia Perlman, Mike Speciner, “Network Security, 2nd Edition”
  • Lincoln D. Stein, “Web Security”
  • Ed Skoudis, “CounterHack”
  • Steve Burnett, Stephen Paine, “RSA Security’s Official Guide to Cryptography”
  • Prof. Kris Gaj, George Mason University
  • Prof. Vincent Costa, Hofstra University
  • Prof. Henric Johnson, Blekinge Institute of Technology
  • Prof. Henning Schulzrinne, Columbia University
  • Prof. Wenke Lee, Georgia Tech
  • Prof. Felix Wu, UC Davis
  • Prof. Yehuda Afek, Tel Aviv University
  • CERT/CC CMU
  • Jochen Schiller, “Mobile Communications,” 2nd Edition, Addison Wesley
  • Jesse Walker, Intel corp.
  • James Kempf, DoCoMo Labs U.S.A.
  • Prof. Wayne Dyksen, Dept of CSE, Michigan State University
  • Drs. Lucas Hui, K.P. Chow, Dept of CS, The University of Hong Kong
  • Hon Ching Lo, Dept of CS, Clarkson University
  • Nancy Cam-Winget, Russ Housley, David Wagner and Jesse Walker, “Security Flaws in 802.11 Data Link Protocols,” Communications of the ACM, May 2003, Vol. 46, No. 5.