| • | Bulletproofing Web Applications Adam Kolawa, Adam, Cynthia Dunlop, and Wendell Hicken (John Wiley & Sons Inc., 2001) |
| • | Extended Static Checking for Java, SQL Injection Walkthrough |
| • | IEEE Software "Statically Scanning Java Code: Finding Security Vulnerabilities" John Viega, Gary McGraw, Tom Mutdosch, and Edward W. Felten (September/October 2000). |
| • | Java.sun.com Security Code Guidelines |
| • | Secure Coding Principles and Practices Mark G. Graff and Kenneth R. van Wyk (O'Reilly & Associates, 2003) |
| • | Secure Programming for Linux and Unix HOWTO David A. Wheeler |
| • | Securing Java Gary McGraw and Edward Felten (John Wiley & Sons Inc., 1999) |
| • | "Twelve Rules for Developing More Secure Java Code" Gary McGraw and Edward Felten JavaWorld (December 1998). |
| • | Writing Secure Code Michael Howard and David LeBlanc (Microsoft Press, 2002) |
| • | Writing Secure Java Code Ravindra Rao (Macmillan Technical Publishing, 2000). |