Suggested Reading

Whitepapers

• The Economic Impacts of Inadequate Infrastructure for Software Testing
• Improving Web Application Security: Threats and Countermeasures
• NIST Publications
• Fundamental Practices for Secure Software Development
• The OWASP Guide Project
• Use Cases: Just the FAQs and Answers

Books

• The Art of Software Security Testing: Identifying Software Security Flaws, by Chris Wysopal, Lucas Nelson, Dino Dai Zovi, Elfriede Dustin, published by Addison-Wesley, ISBN 0321304861 (2006)
• Building Secure Software: How to Avoid Security Problems the Right Way, by Gary McGraw and John Viega, published by Addison-Wesley Pub Co, ISBN 020172152X (2002)
• The Ethical Hack: A Framework for Business Value Penetration Testing, By James S. Tiller, Auerbach Publications, ISBN 084931609X (2005)
• The Hacker’s Handbook: The Strategy behind Breaking into and Defending Networks, By Susan Young, Dave Aitel, Auerbach Publications, ISBN: 0849308887 (2005)
• Hacking Exposed: Web Applications 3, by Joel Scambray, Vinvent Liu, Caleb Sima, published by McGraw-Hill Osborne Media, ISBN 007222438X (2010)
• The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws, 2nd Edition - [published by Dafydd Stuttard, Marcus Pinto, ISBN 9781118026472 (2011)]
• How to Break Software Security, by James Whittaker, Herbert H. Thompson, published by Addison Wesley, ISBN 0321194330 (2003)
• How to Break Software: Functional and Security Testing of Web Applications and Web Services, by Make Andrews, James A. Whittaker, published by Pearson Education Inc., ISBN 0321369440 (2006)
• Secure Coding: Principles and Practices, by Mark Graff and Kenneth R. Van Wyk, published by O’Reilly, ISBN 0596002424 (2003)
• Secure Programming HOWTO, David Wheeler (2015)
  • Online version available here
• Software Security: Building Security In, by Gary McGraw, published by Addison-Wesley Professional, ISBN 0321356705 (2006)
• Software Testing In The Real World (Acm Press Books) by Edward Kit, published by Addison-Wesley Professional, ISBN 0201877562 (1995)
• Software Testing Techniques, 2nd Edition, By Boris Beizer, International Thomson Computer Press, ISBN 0442206720 (1990)
• The Tangled Web: A Guide to Securing Modern Web Applications, by Michael Zalewski, published by No Starch Press Inc., ISBN 047131952X (2011)
• The Unified Modeling Language – A User Guide – by Grady Booch, James Rumbaugh, Ivar Jacobson, published by Addison-Wesley Professional, ISBN 0321267974 (2005)
• The Unified Modeling Language User Guide, by Grady Booch, James Rumbaugh, Ivar Jacobson, Ivar published by Addison-Wesley Professional, ISBN 0-201-57168-4 (1998)
• Web Security Testing Cookbook: Systematic Techniques to Find Problems Fast, by Paco Hope, Ben Walther, published by O’Reilly, ISBN 0596514832 (2008)
• Writing Secure Code, by Mike Howard and David LeBlanc, published by Microsoft Press, ISBN 0735617228 (2004)

Useful Sites

• Build Security In
• CERT Secure Coding Standards
• McAfee Foundstone Publications
• McAfee Free Tools
• OASIS Web Application Security (WAS) TC
• SANS Internet Storm Center (ISC)
• The Open Web Application Application Security Project (OWASP)
• Pentestmonkey - Pen Testing Cheat Sheets
• Secure Coding Guidelines for the .NET Framework 4.5
• Security in the Java platform
• System Administration, Networking, and Security Institute (SANS)
• Web Security – Articles
• Testing Client-Side Security issues

Videos

• PentesterAcademy

Deliberately Insecure Web Applications

• OWASP Vulnerable Web Applications Directory Project
• OWASP Juice Shop
• OWASP WebGoat
• Damn Vulnerable Web App
• Xtreme Vulnerable Web Application
• Mutillidae