awesome-awesomeness/html/appsec.md2.html
2025-07-18 23:13:11 +02:00
<h1 id="awesome-appsec-awesome">Awesome AppSec <a
href="https://github.com/sindresorhus/awesome"><img
src="https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg"
alt="Awesome" /></a></h1>
<p>A curated list of resources for learning about application security.
Contains books, websites, blog posts, and self-assessment quizzes.</p>
<p>Maintained by <a href="https://paragonie.com">Paragon Initiative
Enterprises</a> with contributions from the application security and
developer communities. We also have <a
href="https://paragonie.com/projects">other community projects</a> which
might be useful for tomorrow's application security experts.</p>
<p>If you are an absolute beginner to the topic of software security,
you may benefit from reading <a
href="https://paragonie.com/blog/2015/08/gentle-introduction-application-security">A
Gentle Introduction to Application Security</a>.</p>
<h1 id="contributing">Contributing</h1>
<p><a href="CONTRIBUTING.md">Please refer to the contributing guide for
details</a>.</p>
<h1 id="application-security-learning-resources">Application Security
Learning Resources</h1>
<ul>
<li><a href="#general">General</a>
<ul>
<li><a href="#articles">Articles</a>
<ul>
<li><a href="#how-to-safely-generate-a-random-number-2014">How to Safely
Generate a Random Number</a> (2014)</li>
<li><a href="#salted-password-hashing-doing-it-right-2014">Salted
Password Hashing - Doing it Right</a> (2014)</li>
<li><a href="#a-good-idea-with-bad-usage-devurandom-2014">A good idea
with bad usage: /dev/urandom</a> (2014)</li>
<li><a href="#why-invest-in-application-security-2015">Why Invest in
Application Security?</a> (2015)</li>
<li><a
href="#be-wary-of-one-time-pads-and-other-crypto-unicorns-2015">Be wary
of one-time pads and other crypto unicorns</a> (2015)</li>
</ul></li>
<li><a href="#books">Books</a>
<ul>
<li><a href="#-web-application-hackers-handbook-2011">Web Application
Hacker's Handbook</a> (2011) <img src="img/nonfree.png"
alt="nonfree" /></li>
<li><a href="#-cryptography-engineering-2010">Cryptography
Engineering</a> (2010) <img src="img/nonfree.png" alt="nonfree" /></li>
<li><a href="#-securing-devops-2018">Securing DevOps</a> (2018) <img
src="img/nonfree.png" alt="nonfree" /></li>
<li><a
href="#-gray-hat-python-programming-for-hackers-and-reverse-engineers-2009">Gray
Hat Python: Programming for Hackers and Reverse Engineers</a> (2009)
<img src="img/nonfree.png" alt="nonfree" /></li>
<li><a
href="#-the-art-of-software-security-assessment-identifying-and-preventing-software-vulnerabilities-2006">The
Art of Software Security Assessment: Identifying and Preventing Software
Vulnerabilities</a> (2006) <img src="img/nonfree.png"
alt="nonfree" /></li>
<li><a
href="#-c-interfaces-and-implementations-techniques-for-creating-reusable-software-1996">C
Interfaces and Implementations: Techniques for Creating Reusable
Software</a> (1996) <img src="img/nonfree.png" alt="nonfree" /></li>
<li><a href="#-reversing-secrets-of-reverse-engineering-2005">Reversing:
Secrets of Reverse Engineering</a> (2005) <img src="img/nonfree.png"
alt="nonfree" /></li>
<li><a href="#-javascript-the-good-parts-2008">JavaScript: The Good
Parts</a> (2008) <img src="img/nonfree.png" alt="nonfree" /></li>
<li><a
href="#-windows-internals-including-windows-server-2008-and-windows-vista-fifth-edition-2007">Windows
Internals: Including Windows Server 2008 and Windows Vista, Fifth
Edition</a> (2007) <img src="img/nonfree.png" alt="nonfree" /></li>
<li><a href="#-the-mac-hackers-handbook-2009">The Mac Hacker's
Handbook</a> (2009) <img src="img/nonfree.png" alt="nonfree" /></li>
<li><a
href="#-the-ida-pro-book-the-unofficial-guide-to-the-worlds-most-popular-disassembler-2008">The
IDA Pro Book: The Unofficial Guide to the World's Most Popular
Disassembler</a> (2008) <img src="img/nonfree.png" alt="nonfree" /></li>
<li><a
href="#-internetworking-with-tcpip-vol-ii-ansi-c-version-design-implementation-and-internals-3rd-edition-1998">Internetworking
with TCP/IP Vol. II: ANSI C Version: Design, Implementation, and
Internals (3rd Edition)</a> (1998) <img src="img/nonfree.png"
alt="nonfree" /></li>
<li><a
href="#-network-algorithmics-an-interdisciplinary-approach-to-designing-fast-networked-devices-2004">Network
Algorithmics: An Interdisciplinary Approach to Designing Fast Networked
Devices</a> (2004) <img src="img/nonfree.png" alt="nonfree" /></li>
<li><a
href="#-computation-structures-mit-electrical-engineering-and-computer-science-1989">Computation
Structures (MIT Electrical Engineering and Computer Science)</a> (1989)
<img src="img/nonfree.png" alt="nonfree" /></li>
<li><a
href="#-surreptitious-software-obfuscation-watermarking-and-tamperproofing-for-software-protection-2009">Surreptitious
Software: Obfuscation, Watermarking, and Tamperproofing for Software
Protection</a> (2009) <img src="img/nonfree.png" alt="nonfree" /></li>
<li><a href="#secure-programming-howto-2015">Secure Programming
HOWTO</a> (2015)</li>
<li><a href="#security-engineering-third-edition-2020">Security
Engineering - Third Edition</a> (2020)</li>
<li><a href="#-bulletproof-ssl-and-tls-2014">Bulletproof SSL and TLS</a>
(2014) <img src="img/nonfree.png" alt="nonfree" /></li>
<li><a
href="#holistic-info-sec-for-web-developers-fascicle-0-2016">Holistic
Info-Sec for Web Developers (Fascicle 0)</a> (2016)</li>
<li><a href="#holistic-info-sec-for-web-developers-fascicle-1">Holistic
Info-Sec for Web Developers (Fascicle 1)</a></li>
</ul></li>
<li><a href="#classes">Classes</a>
<ul>
<li><a href="#offensive-computer-security-cis-4930-fsu">Offensive
Computer Security (CIS 4930) FSU</a></li>
<li><a href="#hack-night">Hack Night</a></li>
</ul></li>
<li><a href="#websites">Websites</a>
<ul>
<li><a href="#hack-this-site">Hack This Site!</a></li>
<li><a href="#enigma-group">Enigma Group</a></li>
<li><a href="#web-app-sec-quiz">Web App Sec Quiz</a></li>
<li><a href="#securepasswords-info">SecurePasswords.info</a></li>
<li><a href="#security-news-feeds-cheat-sheet">Security News Feeds
Cheat-Sheet</a></li>
<li><a href="#open-security-training">Open Security Training</a></li>
<li><a href="#microcorruption">MicroCorruption</a></li>
<li><a href="#the-matasano-crypto-challenges">The Matasano Crypto
Challenges</a></li>
<li><a href="#pentesterlab">PentesterLab</a></li>
<li><a href="#juice-shop">Juice Shop</a></li>
<li><a href="#supercar-showdown">Supercar Showdown</a></li>
<li><a href="#owasp-nodegoat">OWASP NodeGoat</a></li>
<li><a href="#securing-the-stack">Securing The Stack</a></li>
<li><a href="#owasp-serverlessgoat">OWASP ServerlessGoat</a></li>
<li><a href="#secdim">SecDim</a></li>
<li><a href="#blogs">Blogs</a>
<ul>
<li><a href="#crypto-fails">Crypto Fails</a></li>
<li><a href="#ncc-group-blog">NCC Group - Blog</a></li>
<li><a href="#scott-helme">Scott Helme</a></li>
<li><a href="#cossack-labs-blog-2018">Cossack Labs blog</a> (2018)</li>
</ul></li>
<li><a href="#wiki-pages">Wiki pages</a>
<ul>
<li><a href="#owasp-top-ten-project">OWASP Top Ten Project</a></li>
</ul></li>
<li><a href="#tools">Tools</a>
<ul>
<li><a href="#qualys-ssl-labs">Qualys SSL Labs</a></li>
<li><a href="#securityheaders-io">securityheaders.io</a></li>
<li><a href="#report-uri-io">report-uri.io</a></li>
<li><a href="#clickjacker-io">clickjacker.io</a></li>
</ul></li>
</ul></li>
</ul></li>
<li><a href="#aws-lambda">AWS Lambda</a>
<ul>
<li><a href="#tools-1">Tools</a>
<ul>
<li><a href="#puresec-functionshield">PureSec FunctionShield</a></li>
</ul></li>
</ul></li>
<li><a href="#android">Android</a>
<ul>
<li><a href="#books-and-ebooks">Books and ebooks</a>
<ul>
<li><a href="#sei-cert-android-secure-coding-standard-2015">SEI CERT
Android Secure Coding Standard</a> (2015)</li>
</ul></li>
</ul></li>
<li><a href="#c">C</a>
<ul>
<li><a href="#books-and-ebooks-1">Books and ebooks</a>
<ul>
<li><a href="#sei-cert-c-coding-standard-2006">SEI CERT C Coding
Standard</a> (2006)</li>
<li><a
href="#defensive-coding-a-guide-to-improving-software-security-by-the-fedora-security-team-2025">Defensive
Coding: A Guide to Improving Software Security by the Fedora Security
Team</a> (2025)</li>
</ul></li>
</ul></li>
<li><a href="#c-1">C++</a>
<ul>
<li><a href="#books-and-ebooks-2">Books and ebooks</a>
<ul>
<li><a href="#sei-cert-c-coding-standard-2006-1">SEI CERT C++ Coding
Standard</a> (2006)</li>
</ul></li>
</ul></li>
<li><a href="#c-sharp">C Sharp</a>
<ul>
<li><a href="#books-and-ebooks-3">Books and ebooks</a>
<ul>
<li><a href="#-security-driven-net-2015">Security Driven .NET</a> (2015)
<img src="img/nonfree.png" alt="nonfree" /></li>
</ul></li>
</ul></li>
<li><a href="#clojure">Clojure</a>
<ul>
<li><a href="#repositories">Repositories</a>
<ul>
<li><a href="#clojure-owasp-2020">Clojure OWASP</a> (2020)</li>
</ul></li>
</ul></li>
<li><a href="#go">Go</a>
<ul>
<li><a href="#articles-1">Articles</a>
<ul>
<li><a href="#memory-security-in-go-spacetime-dev-2017">Memory Security
in Go - spacetime.dev</a> (2017)</li>
</ul></li>
</ul></li>
<li><a href="#java">Java</a>
<ul>
<li><a href="#books-and-ebooks-4">Books and ebooks</a>
<ul>
<li><a href="#sei-cert-java-coding-standard-2007">SEI CERT Java Coding
Standard</a> (2007)</li>
<li><a href="#secure-coding-guidelines-for-java-se-2014">Secure Coding
Guidelines for Java SE</a> (2014)</li>
</ul></li>
</ul></li>
<li><a href="#node-js">Node.js</a>
<ul>
<li><a href="#articles-2">Articles</a>
<ul>
<li><a href="#node-js-security-checklist-rising-stack-blog-2015">Node.js
Security Checklist - Rising Stack Blog</a> (2015)</li>
<li><a
href="#awesome-electron-js-hacking-pentesting-resources-2020">Awesome
Electron.js hacking &amp; pentesting resources</a> (2020)</li>
</ul></li>
<li><a href="#books-and-ebooks-5">Books and ebooks</a>
<ul>
<li><a href="#-essential-node-js-security-2017">Essential Node.js
Security</a> (2017) <img src="img/nonfree.png" alt="nonfree" /></li>
</ul></li>
<li><a href="#training">Training</a>
<ul>
<li><a href="#-security-training-by-lift-security">Security Training by
^Lift Security</a> <img src="img/nonfree.png" alt="nonfree" /></li>
<li><a href="#-security-training-from-binarymist">Security Training from
BinaryMist</a> <img src="img/nonfree.png" alt="nonfree" /></li>
</ul></li>
</ul></li>
<li><a href="#php">PHP</a>
<ul>
<li><a href="#articles-3">Articles</a>
<ul>
<li><a href="#its-all-about-time-2014">It's All About Time</a>
(2014)</li>
<li><a
href="#secure-authentication-in-php-with-long-term-persistence-2015">Secure
Authentication in PHP with Long-Term Persistence</a> (2015)</li>
<li><a
href="#20-point-list-for-preventing-cross-site-scripting-in-php-2013">20
Point List For Preventing Cross-Site Scripting In PHP</a> (2013)</li>
<li><a href="#25-php-security-best-practices-for-sys-admins-2011">25 PHP
Security Best Practices For Sys Admins</a> (2011)</li>
<li><a href="#php-data-encryption-primer-2014">PHP data encryption
primer</a> (2014)</li>
<li><a
href="#preventing-sql-injection-in-php-applications-the-easy-and-definitive-guide-2014">Preventing
SQL Injection in PHP Applications - the Easy and Definitive Guide</a>
(2014)</li>
<li><a
href="#you-wouldnt-base64-a-password-cryptography-decoded-2015">You
Wouldn't Base64 a Password - Cryptography Decoded</a> (2015)</li>
<li><a
href="#a-guide-to-secure-data-encryption-in-php-applications-2015">A
Guide to Secure Data Encryption in PHP Applications</a> (2015)</li>
<li><a href="#the-2018-guide-to-building-secure-php-software-2017">The
2018 Guide to Building Secure PHP Software</a> (2017)</li>
</ul></li>
<li><a href="#books-and-ebooks-6">Books and ebooks</a>
<ul>
<li><a href="#-securing-php-core-concepts">Securing PHP: Core
Concepts</a> <img src="img/nonfree.png" alt="nonfree" /></li>
<li><a href="#using-libsodium-in-php-projects">Using Libsodium in PHP
Projects</a></li>
</ul></li>
<li><a href="#useful-libraries">Useful libraries</a>
<ul>
<li><a href="#defusephp-encryption">defuse/php-encryption</a></li>
<li><a
href="#ircmaxellpassword-compat">ircmaxell/password_compat</a></li>
<li><a href="#ircmaxellrandomlib">ircmaxell/RandomLib</a></li>
<li><a
href="#thephpleagueoauth2-server">thephpleague/oauth2-server</a></li>
<li><a href="#paragonierandom-compat">paragonie/random_compat</a></li>
<li><a href="#pseciogatekeeper">psecio/gatekeeper</a></li>
<li><a href="#openwallphpass">openwall/phpass</a></li>
</ul></li>
<li><a href="#websites-1">Websites</a>
<ul>
<li><a href="#websec-io">websec.io</a></li>
<li><a href="#blogs-1">Blogs</a>
<ul>
<li><a href="#paragon-initiative-enterprises-blog">Paragon Initiative
Enterprises Blog</a></li>
<li><a href="#ircmaxells-blog">ircmaxell's blog</a></li>
<li><a href="#p%C3%A1draic-bradys-blog">Pádraic Brady's Blog</a></li>
</ul></li>
<li><a href="#mailing-lists">Mailing lists</a>
<ul>
<li><a href="#securing-php-weekly">Securing PHP Weekly</a></li>
</ul></li>
</ul></li>
</ul></li>
<li><a href="#perl">Perl</a>
<ul>
<li><a href="#books-and-ebooks-7">Books and ebooks</a>
<ul>
<li><a href="#sei-cert-perl-coding-standard-2011">SEI CERT Perl Coding
Standard</a> (2011)</li>
</ul></li>
</ul></li>
<li><a href="#python">Python</a>
<ul>
<li><a href="#books-and-ebooks-8">Books and ebooks</a>
<ul>
<li><a href="#python-chapter-of-fedora-defensive-coding-guide">Python
chapter of Fedora Defensive Coding Guide</a></li>
<li><a
href="#-black-hat-python-python-programming-for-hackers-and-pentesters">Black
Hat Python: Python Programming for Hackers and Pentesters</a> <img
src="img/nonfree.png" alt="nonfree" /></li>
<li><a href="#-violent-python">Violent Python</a> <img
src="img/nonfree.png" alt="nonfree" /></li>
</ul></li>
<li><a href="#websites-2">Websites</a>
<ul>
<li><a href="#owasp-python-security-wiki-2014">OWASP Python Security
Wiki</a> (2014)</li>
</ul></li>
</ul></li>
<li><a href="#ruby">Ruby</a>
<ul>
<li><a href="#books-and-ebooks-9">Books and ebooks</a>
<ul>
<li><a href="#secure-ruby-development-guide-2014">Secure Ruby
Development Guide</a> (2014)</li>
</ul></li>
</ul></li>
</ul>
<h1 id="general">General</h1>
<h2 id="articles">Articles</h2>
<h3 id="how-to-safely-generate-a-random-number-2014"><a
href="http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/">How
to Safely Generate a Random Number</a> (2014)</h3>
<p><strong>Released</strong>: February 25, 2014</p>
<p>Advice on cryptographically secure pseudo-random number
generators.</p>
<h3 id="salted-password-hashing---doing-it-right-2014"><a
href="https://crackstation.net/hashing-security.htm">Salted Password
Hashing - Doing it Right</a> (2014)</h3>
<p><strong>Released</strong>: August 6, 2014</p>
<p>A post on <a href="https://crackstation.net">Crackstation</a>, a
project by <a href="https://defuse.ca">Defuse Security</a>.</p>
<h3 id="a-good-idea-with-bad-usage-devurandom-2014"><a
href="http://insanecoding.blogspot.co.uk/2014/05/a-good-idea-with-bad-usage-devurandom.html">A
good idea with bad usage: /dev/urandom</a> (2014)</h3>
<p><strong>Released</strong>: May 3, 2014</p>
<p>Mentions many ways to make <code>/dev/urandom</code> fail on
Linux/BSD.</p>
<h3 id="why-invest-in-application-security-2015"><a
href="https://paragonie.com/white-paper/2015-why-invest-application-security">Why
Invest in Application Security?</a> (2015)</h3>
<p><strong>Released</strong>: June 21, 2015</p>
<p>Running a business requires being cost-conscious and minimizing
unnecessary spending. The benefits of ensuring the security of your
application are invisible to most companies, so they often neglect to
invest in secure software development as a cost-saving measure. What
these companies don't realize is the potential cost (both financial and
to brand reputation) that a preventable data compromise can incur.</p>
<p><strong>The average data breach costs millions of dollars in
damage.</strong></p>
<p>Investing more time and personnel to develop secure software is, for
most companies, worth it to minimize this unnecessary risk to their
bottom line.</p>
<h3 id="be-wary-of-one-time-pads-and-other-crypto-unicorns-2015"><a
href="https://freedom-to-tinker.com/blog/jbonneau/be-wary-of-one-time-pads-and-other-crypto-unicorns/">Be
wary of one-time pads and other crypto unicorns</a> (2015)</h3>
<p><strong>Released</strong>: March 25, 2015</p>
<p>A <strong>must-read</strong> for anyone looking to build their own
cryptography features.</p>
<h2 id="books">Books</h2>
<h3 id="nonfree-web-application-hackers-handbook-2011"><img
src="img/nonfree.png" alt="nonfree" /> <a
href="http://mdsec.net/wahh">Web Application Hacker's Handbook</a>
(2011)</h3>
<p><strong>Released</strong>: September 27, 2011</p>
<p>A great introduction to web application security, though slightly
dated.</p>
<h3 id="nonfree-cryptography-engineering-2010"><img
src="img/nonfree.png" alt="nonfree" /> <a
href="http://www.amazon.com/Cryptography-Engineering-Principles-Practical-Applications/dp/0470474246">Cryptography
Engineering</a> (2010)</h3>
<p><strong>Released</strong>: March 15, 2010</p>
<p>Develops a sense of professional paranoia while presenting crypto
design techniques.</p>
<h3 id="nonfree-securing-devops-2018"><img src="img/nonfree.png"
alt="nonfree" /> <a
href="https://www.manning.com/books/securing-devops?a_aid=securingdevops&amp;a_bid=1353bcd8">Securing
DevOps</a> (2018)</h3>
<p><strong>Released</strong>: March 1, 2018</p>
<p>Securing DevOps explores how the techniques of DevOps and Security
should be applied together to make cloud services safer. This
introductory book reviews state of the art practices used in securing
web applications and their infrastructure, and teaches you techniques to
integrate security directly into your product.</p>
<h3
id="nonfree-gray-hat-python-programming-for-hackers-and-reverse-engineers-2009"><img
src="img/nonfree.png" alt="nonfree" /> <a
href="http://www.amazon.com/Gray-Hat-Python-Programming-Engineers/dp/1593271921">Gray
Hat Python: Programming for Hackers and Reverse Engineers</a>
(2009)</h3>
<p><strong>Released</strong>: May 3, 2009</p>
<h3
id="nonfree-the-art-of-software-security-assessment-identifying-and-preventing-software-vulnerabilities-2006"><img
src="img/nonfree.png" alt="nonfree" /> <a
href="http://www.amazon.com/The-Software-Security-Assessment-Vulnerabilities/dp/0321444426/">The
Art of Software Security Assessment: Identifying and Preventing Software
Vulnerabilities</a> (2006)</h3>
<p><strong>Released</strong>: November 30, 2006</p>
<h3
id="nonfree-c-interfaces-and-implementations-techniques-for-creating-reusable-software-1996"><img
src="img/nonfree.png" alt="nonfree" /> <a
href="http://www.amazon.com/Interfaces-Implementations-Techniques-Creating-Reusable/dp/0201498413/">C
Interfaces and Implementations: Techniques for Creating Reusable
Software</a> (1996)</h3>
<p><strong>Released</strong>: August 30, 1996</p>
<h3 id="nonfree-reversing-secrets-of-reverse-engineering-2005"><img
src="img/nonfree.png" alt="nonfree" /> <a
href="http://www.amazon.com/Reversing-Secrets-Engineering-Eldad-Eilam/dp/0764574817">Reversing:
Secrets of Reverse Engineering</a> (2005)</h3>
<p><strong>Released</strong>: April 15, 2005</p>
<h3 id="nonfree-javascript-the-good-parts-2008"><img
src="img/nonfree.png" alt="nonfree" /> <a
href="http://www.amazon.com/JavaScript-Good-Parts-Douglas-Crockford/dp/0596517742">JavaScript:
The Good Parts</a> (2008)</h3>
<p><strong>Released</strong>: May 1, 2008</p>
<h3
id="nonfree-windows-internals-including-windows-server-2008-and-windows-vista-fifth-edition-2007"><img
src="img/nonfree.png" alt="nonfree" /> <a
href="http://www.amazon.com/Windows%C2%AE-Internals-Including-Developer-Reference/dp/0735625301">Windows
Internals: Including Windows Server 2008 and Windows Vista, Fifth
Edition</a> (2007)</h3>
<p><strong>Released</strong>: June 17, 2007</p>
<h3 id="nonfree-the-mac-hackers-handbook-2009"><img
src="img/nonfree.png" alt="nonfree" /> <a
href="http://www.amazon.com/The-Hackers-Handbook-Charlie-Miller/dp/0470395362">The
Mac Hacker's Handbook</a> (2009)</h3>
<p><strong>Released</strong>: March 3, 2009</p>
<h3
id="nonfree-the-ida-pro-book-the-unofficial-guide-to-the-worlds-most-popular-disassembler-2008"><img
src="img/nonfree.png" alt="nonfree" /> <a
href="http://www.amazon.com/The-IDA-Pro-Book-Disassembler/dp/1593271786">The
IDA Pro Book: The Unofficial Guide to the World's Most Popular
Disassembler</a> (2008)</h3>
<p><strong>Released</strong>: August 22, 2008</p>
<h3
id="nonfree-internetworking-with-tcpip-vol.-ii-ansi-c-version-design-implementation-and-internals-3rd-edition-1998"><img
src="img/nonfree.png" alt="nonfree" /> <a
href="http://www.amazon.com/Internetworking-TCP-Vol-Implementation-Internals/dp/0139738436">Internetworking
with TCP/IP Vol. II: ANSI C Version: Design, Implementation, and
Internals (3rd Edition)</a> (1998)</h3>
<p><strong>Released</strong>: June 25, 1998</p>
<h3
id="nonfree-network-algorithmics-an-interdisciplinary-approach-to-designing-fast-networked-devices-2004"><img
src="img/nonfree.png" alt="nonfree" /> <a
href="http://www.amazon.com/Network-Algorithmics-Interdisciplinary-Designing-Networking/dp/0120884771">Network
Algorithmics: An Interdisciplinary Approach to Designing Fast Networked
Devices</a> (2004)</h3>
<p><strong>Released</strong>: December 29, 2004</p>
<h3
id="nonfree-computation-structures-mit-electrical-engineering-and-computer-science-1989"><img
src="img/nonfree.png" alt="nonfree" /> <a
href="http://www.amazon.com/Computation-Structures-Electrical-Engineering-Computer/dp/0262231395">Computation
Structures (MIT Electrical Engineering and Computer Science)</a>
(1989)</h3>
<p><strong>Released</strong>: December 13, 1989</p>
<h3
id="nonfree-surreptitious-software-obfuscation-watermarking-and-tamperproofing-for-software-protection-2009"><img
src="img/nonfree.png" alt="nonfree" /> <a
href="http://www.amazon.com/Surreptitious-Software-Obfuscation-Watermarking-Tamperproofing/dp/0321549252">Surreptitious
Software: Obfuscation, Watermarking, and Tamperproofing for Software
Protection</a> (2009)</h3>
<p><strong>Released</strong>: August 3, 2009</p>
<h3 id="secure-programming-howto-2015"><a
href="http://www.dwheeler.com/secure-programs/">Secure Programming
HOWTO</a> (2015)</h3>
<p><strong>Released</strong>: March 1, 2015</p>
<h3 id="security-engineering---third-edition-2020"><a
href="https://www.cl.cam.ac.uk/~rja14/book.html">Security Engineering -
Third Edition</a> (2020)</h3>
<p><strong>Released</strong>: November 1, 2020</p>
<h3 id="nonfree-bulletproof-ssl-and-tls-2014"><img src="img/nonfree.png"
alt="nonfree" /> <a
href="https://www.feistyduck.com/books/bulletproof-ssl-and-tls/">Bulletproof
SSL and TLS</a> (2014)</h3>
<p><strong>Released</strong>: August 1, 2014</p>
<h3 id="holistic-info-sec-for-web-developers-fascicle-0-2016"><a
href="https://leanpub.com/holistic-infosec-for-web-developers">Holistic
Info-Sec for Web Developers (Fascicle 0)</a> (2016)</h3>
<p><strong>Released</strong>: September 17, 2016</p>
<p>The first part of a three-part book series providing broad and
in-depth coverage of what web developers and architects need to know in
order to create robust, reliable, maintainable and secure software,
networks and more, delivered continuously, on time, with no nasty
surprises.</p>
<h3 id="holistic-info-sec-for-web-developers-fascicle-1"><a
href="https://leanpub.com/holistic-infosec-for-web-developers-fascicle1-vps-network-cloud-webapplications">Holistic
Info-Sec for Web Developers (Fascicle 1)</a></h3>
<p>The second part of a three-part book series providing broad and
in-depth coverage of what web developers and architects need to know in
order to create robust, reliable, maintainable and secure software, VPSs,
networks, cloud and web applications, delivered continuously, on time,
with no nasty surprises.</p>
<h2 id="classes">Classes</h2>
<h3 id="offensive-computer-security-cis-4930-fsu"><a
href="https://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity/">Offensive
Computer Security (CIS 4930) FSU</a></h3>
<p>A vulnerability research and exploit development class by Owen
Redwood of Florida State University.</p>
<p><strong>Be sure to check out the <a
href="https://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity/lectures.html">lectures</a>!</strong></p>
<h3 id="hack-night"><a href="https://github.com/isislab/Hack-Night">Hack
Night</a></h3>
<p>Developed from the materials of NYU Poly's old Penetration Testing
and Vulnerability Analysis course, Hack Night is a sobering introduction
to offensive security. A lot of complex technical content is covered
very quickly as students are introduced to a wide variety of complex and
immersive topics over thirteen weeks.</p>
<h2 id="websites">Websites</h2>
<h3 id="hack-this-site"><a href="http://www.hackthissite.org">Hack This
Site!</a></h3>
<p>Learn about application security by attempting to hack this
website.</p>
<h3 id="enigma-group"><a href="http://www.enigmagroup.org">Enigma
Group</a></h3>
<p>Where hackers and security experts come to train.</p>
<h3 id="web-app-sec-quiz"><a
href="https://timoh6.github.io/WebAppSecQuiz/">Web App Sec Quiz</a></h3>
<p>Self-assessment quiz for web application security.</p>
<h3 id="securepasswords.info"><a
href="https://securepasswords.info">SecurePasswords.info</a></h3>
<p>Secure passwords in several languages/frameworks.</p>
<h3 id="security-news-feeds-cheat-sheet"><a
href="http://lzone.de/cheat-sheet/Security-News-Feeds">Security News
Feeds Cheat-Sheet</a></h3>
<p>A list of security news sources.</p>
<h3 id="open-security-training"><a
href="http://opensecuritytraining.info/">Open Security Training</a></h3>
<p>Video courses on low-level x86 programming, hacking, and
forensics.</p>
<h3 id="microcorruption"><a
href="https://microcorruption.com/login">MicroCorruption</a></h3>
<p>Capture The Flag - learn assembly and embedded device security.</p>
<h3 id="the-matasano-crypto-challenges"><a
href="http://cryptopals.com">The Matasano Crypto Challenges</a></h3>
<p>A series of programming exercises for teaching oneself cryptography
by <a href="http://matasano.com">Matasano Security</a>. <a
href="https://blog.pinboard.in/2013/04/the_matasano_crypto_challenges">The
introduction</a> by Maciej Ceglowski explains it well.</p>
<h3 id="pentesterlab"><a
href="https://pentesterlab.com">PentesterLab</a></h3>
<p>PentesterLab provides <a
href="https://pentesterlab.com/exercises/">free Hands-On exercises</a>
and a <a href="https://pentesterlab.com/bootcamp/">bootcamp</a> to get
started.</p>
<h3 id="juice-shop"><a
href="https://bkimminich.github.io/juice-shop">Juice Shop</a></h3>
<p>An intentionally insecure JavaScript web application.</p>
<h3 id="supercar-showdown"><a
href="http://hackyourselffirst.troyhunt.com/">Supercar Showdown</a></h3>
<p>How to go on the offence before online attackers do.</p>
<h3 id="owasp-nodegoat"><a
href="https://github.com/owasp/nodegoat">OWASP NodeGoat</a></h3>
<p>A Node.js web application that is purposely vulnerable to the OWASP
Top 10, with <a href="https://nodegoat.herokuapp.com/tutorial">tutorials</a>, <a
href="https://github.com/OWASP/NodeGoat/wiki/NodeGoat-Security-Regression-tests-with-ZAP-API">security
regression testing with the OWASP ZAP API</a> and a <a
href="https://github.com/owasp/nodegoat#option-3---run-nodegoat-on-docker">Docker
image</a>, giving several options to get up and running fast.</p>
<h3 id="securing-the-stack"><a
href="https://securingthestack.com">Securing The Stack</a></h3>
<p>Bi-Weekly Appsec Tutorials</p>
<h3 id="owasp-serverlessgoat"><a
href="https://www.owasp.org/index.php/OWASP_Serverless_Goat">OWASP
ServerlessGoat</a></h3>
<p>OWASP ServerlessGoat is a deliberately insecure realistic AWS Lambda
serverless application, maintained by OWASP and created by <a
href="https://www.puresec.io/">PureSec</a>. You can install WebGoat,
learn about the vulnerabilities, how to exploit them, and how to
remediate each issue. The project also includes documentation explaining
the issues and how they should be remediated with best-practices.</p>
<h3 id="secdim"><a href="https://secdim.com">SecDim</a></h3>
<p>SecDim is an appsec edutainment platform. <a
href="https://learn.secdim.com">Learn</a> appsec with free git-based
labs. Think you have what it takes to build a secure app? <a
href="https://play.secdim.com">Challenge yourself</a> with appsec games:
fix bugs, get a score and get your name on the leaderboards.</p>
<h3 id="blogs">Blogs</h3>
<h4 id="crypto-fails"><a href="http://cryptofails.com">Crypto
Fails</a></h4>
<p>Showcasing bad cryptography.</p>
<h4 id="ncc-group---blog"><a
href="https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/">NCC
Group - Blog</a></h4>
<p>The blog of NCC Group, formerly Matasano, iSEC Partners, and NGS
Secure.</p>
<h4 id="scott-helme"><a href="https://scotthelme.co.uk">Scott
Helme</a></h4>
<p>Learn about security and performance.</p>
<h4 id="cossack-labs-blog-2018"><a
href="https://www.cossacklabs.com/blog-archive/">Cossack Labs blog</a>
(2018)</h4>
<p><strong>Released</strong>: July 30, 2018</p>
<p>Blog of a cryptography company that makes open-source libraries and
tools and describes practical data security approaches for applications
and infrastructure.</p>
<h3 id="wiki-pages">Wiki pages</h3>
<h4 id="owasp-top-ten-project"><a
href="https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project">OWASP
Top Ten Project</a></h4>
<p>The top ten most common and critical security vulnerabilities found
in web applications.</p>
<h3 id="tools">Tools</h3>
<h4 id="qualys-ssl-labs"><a href="https://www.ssllabs.com/">Qualys SSL
Labs</a></h4>
<p>The infamous suite of SSL and TLS tools.</p>
<h4 id="securityheaders.io"><a
href="https://securityheaders.io/">securityheaders.io</a></h4>
<p>Quickly and easily assess the security of your HTTP response
headers.</p>
<h4 id="report-uri.io"><a
href="https://report-uri.io">report-uri.io</a></h4>
<p>A free CSP and HPKP reporting service.</p>
<h4 id="clickjacker.io"><a
href="https://clickjacker.io">clickjacker.io</a></h4>
<p>Test and learn about clickjacking: build a clickjacking PoC, take a
screenshot and share the link. You can test HTTPS, HTTP, intranet
&amp; internal sites.</p>
<h1 id="aws-lambda">AWS Lambda</h1>
<h2 id="tools-1">Tools</h2>
<h3 id="puresec-functionshield"><a
href="https://www.puresec.io/function-shield">PureSec
FunctionShield</a></h3>
<p>FunctionShield is a 100% free security library for AWS Lambda and
Google Cloud Functions that lets developers easily enforce strict
security controls on serverless runtimes.</p>
<h1 id="android">Android</h1>
<h2 id="books-and-ebooks">Books and ebooks</h2>
<h3 id="sei-cert-android-secure-coding-standard-2015"><a
href="https://www.securecoding.cert.org/confluence/display/android/Android+Secure+Coding+Standard">SEI
CERT Android Secure Coding Standard</a> (2015)</h3>
<p><strong>Released</strong>: February 24, 2015</p>
<p>A community-maintained Wiki detailing secure coding standards for
Android development.</p>
<h1 id="c">C</h1>
<h2 id="books-and-ebooks-1">Books and ebooks</h2>
<h3 id="sei-cert-c-coding-standard-2006"><a
href="https://www.securecoding.cert.org/confluence/display/c/SEI+CERT+C+Coding+Standard">SEI
CERT C Coding Standard</a> (2006)</h3>
<p><strong>Released</strong>: May 24, 2006</p>
<p>A community-maintained Wiki detailing secure coding standards for C
programming.</p>
<h3
id="defensive-coding-a-guide-to-improving-software-security-by-the-fedora-security-team-2025"><a
href="https://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html">Defensive
Coding: A Guide to Improving Software Security by the Fedora Security
Team</a> (2025)</h3>
<p><strong>Released</strong>: February 22, 2025</p>
<p>Provides guidelines for improving software security through secure
coding. Covers common programming languages and libraries, and focuses
on concrete recommendations.</p>
<h1 id="c-1">C++</h1>
<h2 id="books-and-ebooks-2">Books and ebooks</h2>
<h3 id="sei-cert-c-coding-standard-2006-1"><a
href="https://www.securecoding.cert.org/confluence/pages/viewpage.action?pageId=637">SEI
CERT C++ Coding Standard</a> (2006)</h3>
<p><strong>Released</strong>: July 18, 2006</p>
<p>A community-maintained Wiki detailing secure coding standards for C++
programming.</p>
<h1 id="c-sharp">C Sharp</h1>
<h2 id="books-and-ebooks-3">Books and ebooks</h2>
<h3 id="nonfree-security-driven-.net-2015"><img src="img/nonfree.png"
alt="nonfree" /> <a href="http://securitydriven.net/">Security Driven
.NET</a> (2015)</h3>
<p><strong>Released</strong>: July 14, 2015</p>
<p>An introduction to developing secure applications targeting version
4.5 of the .NET Framework, specifically covering cryptography and
security engineering topics.</p>
<h1 id="clojure">Clojure</h1>
<h2 id="repositories">Repositories</h2>
<h3 id="clojure-owasp-2020"><a
href="https://github.com/nubank/clj-owasp">Clojure OWASP</a> (2020)</h3>
<p><strong>Released</strong>: May 5, 2020</p>
<p>Repository with Clojure examples of OWASP top 10 vulnerabilities.</p>
<h1 id="go">Go</h1>
<h2 id="articles-1">Articles</h2>
<h3 id="memory-security-in-go---spacetime.dev-2017"><a
href="https://spacetime.dev/memory-security-go">Memory Security in Go -
spacetime.dev</a> (2017)</h3>
<p><strong>Released</strong>: August 3, 2017</p>
<p>A guide to managing sensitive data in memory.</p>
<h1 id="java">Java</h1>
<h2 id="books-and-ebooks-4">Books and ebooks</h2>
<h3 id="sei-cert-java-coding-standard-2007"><a
href="https://www.securecoding.cert.org/confluence/display/java/SEI+CERT+Oracle+Coding+Standard+for+Java">SEI
CERT Java Coding Standard</a> (2007)</h3>
<p><strong>Released</strong>: January 12, 2007</p>
<p>A community-maintained Wiki detailing secure coding standards for
Java programming.</p>
<h3 id="secure-coding-guidelines-for-java-se-2014"><a
href="http://www.oracle.com/technetwork/java/seccodeguide-139067.html">Secure
Coding Guidelines for Java SE</a> (2014)</h3>
<p><strong>Released</strong>: April 2, 2014</p>
<p>Secure Java programming guidelines straight from Oracle.</p>
<h1 id="node.js">Node.js</h1>
<h2 id="articles-2">Articles</h2>
<h3 id="node.js-security-checklist---rising-stack-blog-2015"><a
href="https://blog.risingstack.com/node-js-security-checklist/">Node.js
Security Checklist - Rising Stack Blog</a> (2015)</h3>
<p><strong>Released</strong>: October 13, 2015</p>
<p>Covers a lot of useful information for developing secure Node.js
applications.</p>
<h3 id="awesome-electron.js-hacking-pentesting-resources-2020"><a
href="https://github.com/doyensec/awesome-electronjs-hacking">Awesome
Electron.js hacking &amp; pentesting resources</a> (2020)</h3>
<p><strong>Released</strong>: June 17, 2020</p>
<p>A curated list of resources to secure Electron.js-based
applications.</p>
<h2 id="books-and-ebooks-5">Books and ebooks</h2>
<h3 id="nonfree-essential-node.js-security-2017"><img
src="img/nonfree.png" alt="nonfree" /> <a
href="https://leanpub.com/nodejssecurity">Essential Node.js Security</a>
(2017)</h3>
<p><strong>Released</strong>: July 19, 2017</p>
<p>A hands-on, practical guide to securing Node.js web applications,
abundant with source code.</p>
<h2 id="training">Training</h2>
<h3 id="nonfree-security-training-by-lift-security"><img
src="img/nonfree.png" alt="nonfree" /> <a
href="https://liftsecurity.io/training">Security Training by ^Lift
Security</a></h3>
<p>Learn from the team that spearheaded the <a
href="https://nodesecurity.io">Node Security Project</a>.</p>
<h3 id="nonfree-security-training-from-binarymist"><img
src="img/nonfree.png" alt="nonfree" /> <a
href="https://blog.binarymist.net/presentations-publications/">Security
Training from BinaryMist</a></h3>
<p>We run many types of info-sec security training, covering Physical,
People, VPS, Networks, Cloud, Web Applications. Most of the content is
sourced from the <a
href="https://leanpub.com/b/holisticinfosecforwebdevelopers">book
series</a> Kim has been working on for several years. More info can be
found <a href="https://binarymist.io/#services">here</a>.</p>
<h1 id="php">PHP</h1>
<h2 id="articles-3">Articles</h2>
<h3 id="its-all-about-time-2014"><a
href="http://blog.ircmaxell.com/2014/11/its-all-about-time.html">It's
All About Time</a> (2014)</h3>
<p><strong>Released</strong>: November 28, 2014</p>
<p>A gentle introduction to timing attacks in PHP applications.</p>
<h3 id="secure-authentication-in-php-with-long-term-persistence-2015"><a
href="https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence">Secure
Authentication in PHP with Long-Term Persistence</a> (2015)</h3>
<p><strong>Released</strong>: April 21, 2015</p>
<p>Discusses password policies, password storage, “remember me” cookies,
and account recovery.</p>
<h3 id="point-list-for-preventing-cross-site-scripting-in-php-2013"><a
href="http://blog.astrumfutura.com/2013/04/20-point-list-for-preventing-cross-site-scripting-in-php">20
Point List For Preventing Cross-Site Scripting In PHP</a> (2013)</h3>
<p><strong>Released</strong>: April 22, 2013</p>
<p>Pádraic Brady's advice on building software that isn't vulnerable to
XSS.</p>
<h3 id="php-security-best-practices-for-sys-admins-2011"><a
href="http://www.cyberciti.biz/tips/php-security-best-practices-tutorial.html">25
PHP Security Best Practices For Sys Admins</a> (2011)</h3>
<p><strong>Released</strong>: November 23, 2011</p>
<p>Though this article is a few years old, much of its advice is still
relevant as we veer around the corner towards PHP 7.</p>
<h3 id="php-data-encryption-primer-2014"><a
href="https://timoh6.github.io/2014/06/16/PHP-data-encryption-cheatsheet.html">PHP
data encryption primer</a> (2014)</h3>
<p><strong>Released</strong>: June 16, 2014</p>
<p><span class="citation" data-cites="timoh6">@timoh6</span> explains
how to implement data encryption in PHP.</p>
<h3
id="preventing-sql-injection-in-php-applications---the-easy-and-definitive-guide-2014"><a
href="https://paragonie.com/blog/2015/05/preventing-sql-injection-in-php-applications-easy-and-definitive-guide">Preventing
SQL Injection in PHP Applications - the Easy and Definitive Guide</a>
(2014)</h3>
<p><strong>Released</strong>: May 26, 2014</p>
<p><strong>TL;DR</strong> - don't escape, use prepared statements
instead!</p>
<h3 id="you-wouldnt-base64-a-password---cryptography-decoded-2015"><a
href="https://paragonie.com/blog/2015/08/you-wouldnt-base64-a-password-cryptography-decoded">You
Wouldn't Base64 a Password - Cryptography Decoded</a> (2015)</h3>
<p><strong>Released</strong>: August 7, 2015</p>
<p>A human-readable overview of commonly misused cryptography terms and
fundamental concepts, with example code in PHP.</p>
<p>If you're confused about cryptography terms, start here.</p>
<h3 id="a-guide-to-secure-data-encryption-in-php-applications-2015"><a
href="https://paragonie.com/white-paper/2015-secure-php-data-encryption">A
Guide to Secure Data Encryption in PHP Applications</a> (2015)</h3>
<p><strong>Released</strong>: August 2, 2015</p>
<p>Discusses the importance of end-to-end network-layer encryption
(HTTPS) as well as secure encryption for data at rest, then introduces
the specific cryptography tools that developers should use for specific
use cases, whether they use <a
href="https://pecl.php.net/package/libsodium">libsodium</a>, <a
href="https://github.com/defuse/php-encryption">Defuse Security's secure
PHP encryption library</a>, or OpenSSL.</p>
<h3 id="the-2018-guide-to-building-secure-php-software-2017"><a
href="https://paragonie.com/blog/2017/12/2018-guide-building-secure-php-software">The
2018 Guide to Building Secure PHP Software</a> (2017)</h3>
<p><strong>Released</strong>: December 12, 2017</p>
<p>This guide should serve as a complement to the e-book, <a
href="http://www.phptherightway.com">PHP: The Right Way</a>, with a
strong emphasis on security and not general PHP programmer topics
(e.g. code style).</p>
<h2 id="books-and-ebooks-6">Books and ebooks</h2>
<h3 id="nonfree-securing-php-core-concepts"><img src="img/nonfree.png"
alt="nonfree" /> <a
href="https://leanpub.com/securingphp-coreconcepts">Securing PHP: Core
Concepts</a></h3>
<p><em>Securing PHP: Core Concepts</em> acts as a guide to some of the
most common security terms and provides examples of them in everyday
PHP.</p>
<h3 id="using-libsodium-in-php-projects"><a
href="https://paragonie.com/book/pecl-libsodium">Using Libsodium in PHP
Projects</a></h3>
<p>You shouldn't need a Ph.D. in Applied Cryptography to build a secure
web application. Enter libsodium, which allows developers to build
fast, secure, and reliable applications without needing to know what a
stream cipher even is.</p>
<h2 id="useful-libraries">Useful libraries</h2>
<h3 id="defusephp-encryption"><a
href="https://github.com/defuse/php-encryption">defuse/php-encryption</a></h3>
<p>Symmetric-key encryption library for PHP applications.
(<strong>Recommended</strong> over rolling your own!)</p>
<h3 id="ircmaxellpassword_compat"><a
href="https://github.com/ircmaxell/password_compat">ircmaxell/password_compat</a></h3>
<p>If you're using PHP 5.3.7+ or 5.4, use this to hash passwords.</p>
<h3 id="ircmaxellrandomlib"><a
href="https://github.com/ircmaxell/RandomLib">ircmaxell/RandomLib</a></h3>
<p>Useful for generating random strings or numbers.</p>
<h3 id="thephpleagueoauth2-server"><a
href="https://github.com/thephpleague/oauth2-server">thephpleague/oauth2-server</a></h3>
<p>A secure OAuth2 server implementation.</p>
<h3 id="paragonierandom_compat"><a
href="https://github.com/paragonie/random_compat">paragonie/random_compat</a></h3>
<p>PHP 7 offers a new set of CSPRNG functions:
<code>random_bytes()</code> and <code>random_int()</code>. This is a
community effort to expose the same API in PHP 5 projects (forward
compatibility layer). Permissively MIT licensed.</p>
<h3 id="pseciogatekeeper"><a
href="https://github.com/psecio/gatekeeper">psecio/gatekeeper</a></h3>
<p>A secure authentication and authorization library that implements
Role-Based Access Controls and Paragon Initiative Enterprises'
recommendations for <a
href="https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#title.2">secure
“remember me” checkboxes</a>.</p>
<h3 id="openwallphpass"><a
href="http://www.openwall.com/phpass/">openwall/phpass</a></h3>
<p>A portable public domain password hashing framework for use in PHP
applications.</p>
<h2 id="websites-1">Websites</h2>
<h3 id="websec.io"><a href="http://websec.io">websec.io</a></h3>
<p><strong>websec.io</strong> is dedicated to educating developers about
security, with topics relating to general security fundamentals, emerging
technologies, and PHP-specific information.</p>
<h3 id="blogs-1">Blogs</h3>
<h4 id="paragon-initiative-enterprises-blog"><a
href="https://paragonie.com/blog/">Paragon Initiative Enterprises
Blog</a></h4>
<p>The blog of our technology and security consulting firm based in
Orlando, FL.</p>
<h4 id="ircmaxells-blog"><a href="http://blog.ircmaxell.com">ircmaxell's
blog</a></h4>
<p>A blog about PHP, Security, Performance and general web application
development.</p>
<h4 id="pádraic-bradys-blog"><a
href="http://blog.astrumfutura.com">Pádraic Brady's Blog</a></h4>
<p>Pádraic Brady is a Zend Framework security expert.</p>
<h3 id="mailing-lists">Mailing lists</h3>
<h4 id="securing-php-weekly"><a href="http://securingphp.com">Securing
PHP Weekly</a></h4>
<p>A weekly newsletter about PHP, security, and the community.</p>
<h1 id="perl">Perl</h1>
<h2 id="books-and-ebooks-7">Books and ebooks</h2>
<h3 id="sei-cert-perl-coding-standard-2011"><a
href="https://www.securecoding.cert.org/confluence/display/perl/SEI+CERT+Perl+Coding+Standard">SEI
CERT Perl Coding Standard</a> (2011)</h3>
<p><strong>Released</strong>: January 10, 2011</p>
<p>A community-maintained Wiki detailing secure coding standards for
Perl programming.</p>
<h1 id="python">Python</h1>
<h2 id="books-and-ebooks-8">Books and ebooks</h2>
<h3 id="python-chapter-of-fedora-defensive-coding-guide"><a
href="https://docs.fedoraproject.org/en-US/defensive-coding/programming-languages/Python/">Python
chapter of Fedora Defensive Coding Guide</a></h3>
<p>Lists standard library features that should be avoided, and
references sections of other chapters that are Python-specific.</p>
<h3
id="nonfree-black-hat-python-python-programming-for-hackers-and-pentesters"><img
src="img/nonfree.png" alt="nonfree" /> <a
href="https://www.nostarch.com/blackhatpython">Black Hat Python: Python
Programming for Hackers and Pentesters</a></h3>
<p>Black Hat Python by Justin Seitz, from No Starch Press, is a great
book for readers with an offensive security mindset.</p>
<h3 id="nonfree-violent-python"><img src="img/nonfree.png"
alt="nonfree" /> <a
href="http://www.amazon.com/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579">Violent
Python</a></h3>
<p>Violent Python shows you how to move from a theoretical understanding
of offensive computing concepts to a practical implementation.</p>
<h2 id="websites-2">Websites</h2>
<h3 id="owasp-python-security-wiki-2014"><a
href="https://github.com/ebranca/owasp-pysec/wiki">OWASP Python Security
Wiki</a> (2014)</h3>
<p><strong>Released</strong>: June 21, 2014</p>
<p>A wiki maintained by the OWASP Python Security project.</p>
<h1 id="ruby">Ruby</h1>
<h2 id="books-and-ebooks-9">Books and ebooks</h2>
<h3 id="secure-ruby-development-guide-2014"><a
href="https://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/html/Secure_Ruby_Development_Guide/index.html">Secure
Ruby Development Guide</a> (2014)</h3>
<p><strong>Released</strong>: March 10, 2014</p>
<p>A guide to secure Ruby development by the Fedora Security Team. Also
available on <a
href="https://github.com/jrusnack/secure-ruby-development-guide">Github</a>.</p>
<p><a href="https://github.com/paragonie/awesome-appsec">appsec.md
Github</a></p>