Awesome AppSec

A curated list of resources for learning about application security. Contains books, websites, blog posts, and self-assessment quizzes.

Maintained by Paragon Initiative Enterprises with contributions from the application security and developer communities. We also have other community projects which might be useful for tomorrow's application security experts.

If you are an absolute beginner to the topic of software security, you may benefit from reading A Gentle Introduction to Application Security.

Contributing

Please refer to the contributing guide for details.

Application Security Learning Resources

• General
  • Articles
  • How to Safely Generate a Random Number (2014)
  • Salted Password Hashing - Doing it Right (2014)
  • A good idea with bad usage: /dev/urandom (2014)
  • Why Invest in Application Security? (2015)
  • Be wary of one-time pads and other crypto unicorns (2015)
  • Books
  • Web Application Hacker's Handbook (2011)
  • Cryptography Engineering (2010)
  • Securing DevOps (2018)
  • Gray Hat Python: Programming for Hackers and Reverse Engineers (2009)
  • The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities (2006)
  • C Interfaces and Implementations: Techniques for Creating Reusable Software (1996)
  • Reversing: Secrets of Reverse Engineering (2005)
  • JavaScript: The Good parts (2008)
  • Windows Internals: Including Windows Server 2008 and Windows Vista, Fifth Edition (2007)
  • The Mac Hacker's Handbook (2009)
  • The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler (2008)
  • Internetworking with TCP/IP Vol. II: ANSI C Version: Design, Implementation, and Internals (3rd Edition) (1998)
  • Network Algorithmics,: An Interdisciplinary Approach to Designing Fast Networked Devices (2004)
  • Computation Structures (MIT Electrical Engineering and Computer Science) (1989)
  • Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection (2009)
  • Secure Programming HOWTO (2015)
  • Security Engineering - Third Edition (2020)
  • Bulletproof SSL and TLS (2014)
  • Holistic Info-Sec for Web Developers (Fascicle 0) (2016)
  • Holistic Info-Sec for Web Developers (Fascicle 1)
  • Classes
  • Offensive Computer Security (CIS 4930) FSU
  • Hack Night
  • Websites
  • Hack This Site!
  • Enigma Group
  • Web App Sec Quiz
  • SecurePasswords.info
  • Security News Feeds Cheat-Sheet