Will Sargent reviewed Building secure software by John Viega (Addison-Wesley professional computing series)
Review of 'Building secure software' on 'Storygraph'
2 stars
This book is from 2002. As such, it's a good book for its time, but it's hopelessly outdated for 2014. No TLS 1.2, no discussion of containerization, no actor model for concurrency to avoid race conditions, no bcrypt, no discussion of just using /dev/urandom for randomness...
More to the point, there are some disturbing gaps even in the book itself -- for example, it recommends cryptlib for TLS, but cryptlib only supports TLS-PSK, and doesn't do X.509 certificate authentication, so it couldn't do any secure PKI even if you asked it nicely.
The security principles are great, and I think you could write a book on the details of input validation, and on authentication in general, but this isn't that book. Buy something more up to date instead of this.