This is a list of resources which I have found to be useful on my own journey into the field of application security (primary of which has been focused on web based applications). In addition I have included resources outside of this which I think would be useful for those entering the field. This document will be a living document and I will be adding to it, as well as making changes as more content gets added and as the industry adopts to new technologies and threats.
Last update: 7 July 2018
Books
- The Tangled Web: A Guide to Securing Modern Web Applications by Michal Zalewski
- The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws: Discovering and Exploiting Security Flaws by Dafydd Stuffard and Marcus Pinto
- HACKING EXPOSED WEB APPLICATIONS, Third Edition: Web Application Security Secrets and Solutions by Joel Scambray, Vincent Liu and Caleb Sima
- 24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them by Michael Howard, David Leblanc and John Viega
- The Hacker Playbook 3: Practical Guide to Penetration Testing by Peter Kim
- Advanced Penetration Testing: Hacking the World's Most Secure Networks by Wil Allsopp
- How to Hack Like a GOD: Master the secrets of Hacking through real life scenarios by Sparc FLOW
- How to Hack Like a PORNSTAR: A step by step process for bracking into a BANK by Sparc FLOW
- Serious Cryptography by Jean-Philippe Aumasson
- Kali Linux 2 - Assuring Security by Penetration Testing - Third Edition by Gerard Johansen, Lee Allen, Tedi Heriyanto and Shakeel Ali
- Gray Hat Hacking, The Ethical Hacker's Handbook - Fourth Edition
- Hacking Exposed 7: Network Security Secrets & Solutions - Sevent Edition by Stuart Mcclure, Joel Scambray and George Kurtz
Online Training
References
Image attribution: Tero Vesalainen @ https://pixabay.com/en/thought-idea-innovation-imagination-2123970/