[michaelf]

A great place to start is "Applied Cryptography" by Bruce Schneier.

http://www.schneier.com/book-applied.html

Edit: Note, this really barely scratches the surface for building secure software. AC says how to apply cryptographic primitives correctly. It won't teach you how to avoid vulnerabilities specific to particular application domains (like CSS, SQL injection, etc...).

[marshray]

That book is old, and though still basically correct, there's much better ways to learn about the practice of developing secure systems. I recommend "Cryptography Engineering" by Ferguson, Schneier, Kohno which is a more modern descendant of Schneier's AC.

[michaelf]

Looks like I need to update my bookshelf. Thanks for the recommendation.