I'm interested in learning about secure system design - the whole stack. Currently, I'm an expert .net/C# developer and I know about the differences between different hash functions, public/private key encryption and similar techniques, but my application is only a small part of the system as a whole.
For example, public/private key encryption isn't simply about the code I write - it's about protecting the private key. I need to give it to clients and they need to keep it save. Then there are other avenues, for example if my web service is secure but someone can just waltz into the database and download all the data, my application's security doesn't matter.
I'm looking into Bruce Schneier's Cryptography Engineering and Applied Cryptography 2nd edition, but these are low level books about the cryptographic algorithms. I need something several layers higher up, something that explains possible attack vectors to be aware of and how to protect against them and mistakes that people commonly make.
I saw a few questions here on Security.SE, but these seemed specific to individual designs or were limited to the Application and not the system as a whole, so I wonder if there is something modern (ideally something that knows about stuff like SHA-3 and "modern" brute force attacks using Cloud or GPU based computing clusters) and authoritative?
