Recommended Books

This page lists books recommended by Chief Wizard, David Gray. David has read or used every book listed here, and owns a copy of each. He uses some of them so often that he keeps them within arm's reach. These books cover a wide range of subjects, reflecting David's many interests and skills. Please visit from time to time, as he will be adding new titles. You can buy any of these books, and many more, at Amazon. Proceeds from sales generated from this page help support the free content found on this Web site.
Code Complete, Second Edition, by Steve McConnell, is a book that I believe every working programmer and systems architect, and any person who aspires to be either, should read at least once. Since I've been programming computers for almost 30 years, I've learned many of the lessons in this excellent book. Seeing many of them discussed and defended by a highly regarded author validated many of my hard-won lessons. Along the way, I've also learned quite a bit about some of the newer concepts in software design, and have been motivated to reconsider a few of my long-held beliefs. No matter what kind of software you design or develop, what programming language you use, or how long you've been designing or writing software, you will learn enough from this book to justify its price, and the time you spend reading it.

Writing Secure Code, Second Edition, by Michael Howard and David C. LeBlanc, is required reading for any software designer or programmer who is serious about security. Before I read the book, I thought the software that I designed was pretty secure. While I found that I was already doing most of the right things to make my software secure, I learned a lot, especially about SQL injection and cross-site scripting attacks. I thought that most security issues in program code occurred in programs written in the C programming language, and I didn't have a very clear grasp of SQL injection or cross-site scripting. This book clearly explains both SQL injection and cross-site scripting attacks, and clearly explains how to prevent them. Since I began using the C programming language in 2005, the discussion of secure programming in that language hit home. Although I learned that I was mostly doing things the "right" way, I have become much more careful, and have changed some of my practices. Like its companion, Code Complete, Second Edition, this book is clearly written and full of examples you can use in your own work. Although a working knowledge of both C and Perl is a big help, you need neither in order to benefit from this book.