===================
Reference materials
===================

------------
Cryptography
------------
- *Applied Cryptography* by Bruce Schneier. John Wiley & Sons, 1996. ISBN 0-471-11709-9.
- `Handbook of Applied Cryptography `__ by Menezes, van Oorschot, and Vanstone.
- *Introduction to Cryptography* by Johannes Buchmann. Springer, 2004. ISBN 978-0-387-21156-5.
- Cryptographic libraries:

  - `KeyCzar `__ by Google.
  - `GPGME `__ by GnuPG.
  - `OpenSSL `__.
  - `NaCl: Networking and Cryptography library `__ by Tanja Lange and Daniel J. Bernstein.

-------------------------
Control hijacking attacks
-------------------------
- `Smashing The Stack For Fun And Profit `__, Aleph One.
- `Bypassing non-executable-stack during exploitation using return-to-libc `__ by c0ntex.
- `Basic Integer Overflows `__, blexim.
- *The C Programming Language (second edition)* by Kernighan and Ritchie. Prentice Hall, Inc., 1988. ISBN 0-13-110362-8, 1998.
- `Intel Memory Protection Extensions `__.
- `Intel 80386 Programmer's Reference Manual `__, 1987. Alternatively, in `PDF format `__. Much shorter than the full current Intel architecture manuals below, but often sufficient.
- `Intel Architecture Software Developer Manuals `__.

------------
Web security
------------
- `Browser Security Handbook `__, Michal Zalewski, Google.
- `Browser attack vectors `__.
- `Google Caja `__ (capabilities for JavaScript).
- `Google Native Client `__ allows web applications to safely run x86 code in browsers.
- `Myspace.com - Intricate Script Injection Vulnerability `__, Justin Lavoie, 2006.
- `The Security Architecture of the Chromium Browser `__ by Adam Barth, Collin Jackson, Charles Reis, and the Google Chrome Team.
- `Why Phishing Works `__ by Rachna Dhamija, J. D. Tygar, and Marti Hearst.

-----------
OS security
-----------
- `Secure Programming for Linux and Unix HOWTO `__, David Wheeler.
- `setuid demystified `__ by Hao Chen, David Wagner, and Drew Dean.
- `Some thoughts on security after ten years of qmail 1.0 `__ by Daniel J. Bernstein.
- `Wedge: Splitting Applications into Reduced-Privilege Compartments `__ by Andrea Bittau, Petr Marchenko, Mark Handley, and Brad Karp.
- `KeyKOS source code `__.

------------------------
Exploiting hardware bugs
------------------------
- `Bug Attacks `__ on RSA, by Eli Biham, Yaniv Carmeli, and Adi Shamir.
- `Using Memory Errors to Attack a Virtual Machine `__ by Sudhakar Govindavajhala and Andrew Appel.

--------------
Mobile devices
--------------
- `iOS security `__