□ Writing Secure Code, Second Edition by Michael Howard and David C. LeBlanc (Microsoft Press, 2002), Chapter 6, «Determining Appropriate Access Control»
□ Writing Secure Code, Second Edition by Michael Howard and David C. LeBlanc (Microsoft Press, 2002), Chapter 8, «Cryptographic Foibles»
□ Writing Secure Code, Second Edition by Michael Howard and David C. LeBlanc (Microsoft Press, 2002), Chapter 9, «Protecting Secret Data»
□ Windows Access Control: http://msdn.microsoft.com/library/default.asp?url=/ library/en–us/secauthz/security/access_control.asp
□ Windows Data Protection: http://msdn.microsoft.com/library/default.asp7urH/ library/en–us/dnsecure/html/windataprotection–dpapi.asp
□ «How To: Use DPAPI (Machine Store) from : by J.D. Meier, Alex Mackman, Michael Dunner, and Srinath Vasireddy: http://msdn.microsoft.com/ Hbrary/en–us/dnnetsec/html/SecNetHT08.asp
□ Threat Mitigation Techniques: http://msdn.microsoft.com/library/en–us/ secbp/security/threat_mitigation_techniques.asp
□ Implementation of SecureZeroMemory: http://msdn.microsoft.com/library/ en–us/dncode/html/securel0102002.asp
□ «Making String More Secure»: http://weblogs.asp.net/shawnfa/archive/ 2004/05/27/143254.aspx
□ «Secure Programming for Linux and Unix HOWTO – Creating Secure Soft–ware» by David Wheeler: www.dwheeler.com/secure–programs
□ Java Security, Second Edition by Scott Oaks (O\'Reilly, 2001), Chapter 5, «Key Management, pp. 79–91
□ Jad Java Decompiler: http://kpdus.tripod.com/jad.html
□ Class KeyStore (Java 2 Platform 5.0): http://fl.java.sun.eom/j2se/l.5.0/docs/ api/java/security/KeyStore.html
□ «Enabling Secure Storage with Keychain Services»: http://developer.apple. com/d оси me ntation/S ecu rity/Conceptual/keychainServ Concepts/ keychainServConcepts.pdf
□ Java KeyStore Explorer: http://www.lazgosoftware.com/kse/
□ «Enabling Secure Storage With Keychain Services»: http://developer. apple, com / documentation/Security/Reference/keychainservices/index.html
□ introduction to Enabling Secure Storage With Keychain Services»: developer.apple.com/documentation/Security/Conceptual/keychainServ Concepts/03tasks/chapter_3_section_2.html
□ Knowledge Base Article 329290: «How to use ASP.NET utility to encrypt credentials and session state connection strings»: http://support.microsoft.com/ default.aspx? scid=kb;en–us;329290
□ «Safeguard Database Connection Strings and Other Sensitive Settings in Your Code» by Alek Davis: http://msdn.microsoft.com/msdnmag/issues/03/ll/ ProtectYourData/default.aspx
□ Reflector for .NET: http://www.aisto.com/roeder/dotnet/