The field of web security, and computer security in general, is large and growing larger every day. Rather than attempting to list all of the many useful references, we’ll note the ones we think especially appropriate. For a more extensive listing of references, we recommend that you pursue either the COAST hotlist (cited below), or Appendixes D through F of Practical UNIX & Internet Security (also cited below). The COAST hotlist has, as of March 1997, more than 1000 references to Internet-based sources of security information; the PUIS book has almost 50 pages of references to journals, organizations, books, papers, and other resources in the indicated appendices.
There is a certain irony in trying to include a comprehensive list of electronic resources in a printed book such as this one. Electronic resources such as web pages, newsgroups, and mailing lists are updated on an hourly basis; new releases of computer programs can be published every few weeks. Books, on the other hand, are infrequently updated.
We present the following electronic resources with the understanding that this list necessarily can be neither complete nor completely up to date. What we hope, instead, is that it is expansive. By reading it, we hope that you will gain insight into places to look for future developments in web security. Along the way, you may find some information you can put to immediate use.
There are many mailing lists that cover security-related ...