awesome-appsec: resources for learning about application security
Awesome AppSec
A curated list of resources for learning about application security. Contains books, websites, blog posts, and self-assessment quizzes.
Maintained by Paragon Initiative Enterprises with contributions from the application security and developer communities. We also have other community projects which might be useful for tomorrow’s application security experts.
If you are an absolute beginner to the topic of software security, you may benefit from reading A Gentle Introduction to Application Security.
Application Security Learning Resources
- General
- Articles
- Books
- Web Application Hacker’s Handbook (2011)
- Cryptography Engineering (2010)
- Gray Hat Python: Programming for Hackers and Reverse Engineers (2009)
- The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities (2006)
- C Interfaces and Implementations: Techniques for Creating Reusable Software (1996)
- Reversing: Secrets of Reverse Engineering (2005)
- JavaScript: The Good Parts (2008)
- Windows Internals: Including Windows Server 2008 and Windows Vista, Fifth Edition (2007)
- The Mac Hacker’s Handbook (2009)
- The IDA Pro Book: The Unofficial Guide to the World’s Most Popular Disassembler (2008)
- Internetworking with TCP/IP Vol. II: ANSI C Version: Design, Implementation, and Internals (3rd Edition) (1998)
- Network Algorithmics: An Interdisciplinary Approach to Designing Fast Networked Devices (2004)
- Computation Structures (MIT Electrical Engineering and Computer Science) (1989)
- Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection (2009)
- Secure Programming HOWTO (2015)
- Security Engineering – Second Edition (2008)
- Bulletproof SSL and TLS (2014)
- Classes
- Websites
- Android
- C
- C++
- C Sharp
- Java
- Node.js
- PHP
- Articles
- It’s All About Time (2014)
- Secure Authentication in PHP with Long-Term Persistence (2015)
- 20 Point List For Preventing Cross-Site Scripting In PHP (2013)
- 25 PHP Security Best Practices For Sys Admins (2011)
- PHP data encryption primer (2014)
- Preventing SQL Injection in PHP Applications – the Easy and Definitive Guide (2014)
- You Wouldn’t Base64 a Password – Cryptography Decoded (2015)
- A Guide to Secure Data Encryption in PHP Applications (2015)
- Books and ebooks
- Useful libraries
- Websites
- Articles
- Perl
- Python
- Ruby