Writing Secure Code
This book teaches developers how to protect their applications throughout the entire development process. As the name suggests, it focuses on writing code that is secure and resilient to cyberattacks. It also covers other elements of web app security from a developer’s point of view, such as designing the web application itself and how to do security testing effectively. There are two editions of this book, but I would recommend the 2nd edition as it includes updated information.
Security Development Lifecycle: SDL: A Process for Developing Demonstrably More Secure Software
This book focuses on teaching programmers how to secure each phase of the software development lifecycle. It aims to teach a proven methodology for minimizing security bugs in the software that you create. This book is written by Michael Howard and Steve Lipner, both from Microsoft security engineering.
Black Hat Python: Python Programming for Hackers and Pentesters
This book focuses on creating hacking tools using the Python programming language. If you’re someone who likes to program in Python and is looking to learn how to hack computers, this book is a great way to learn how to make custom exploits as well as scripts for testing your own software applications.
Hands-On Network Programming with C: Learn socket programming in C and write secure and optimized network code
If you’re someone who frequently programs in C/C++, this book could be a good fit for you. It focuses on building secure network programs in C/C++. Since it focuses on one specific programming language, you can get very specific tips on things such as libraries and protocols, rather than just learning at a higher level like some of the other books on this list that focus on the SDLC.
Continuous Delivery with Docker and Jenkins: Create secure applications by building complete CI/CD pipelines
This book teaches you how to develop a complete continuous delivery process using modern DevOps tools like Docker, Jenkins, Ansible and GitHub, and how to use these tools to build reliable and secure applications. It is intended for anyone who works in DevOps but doesn’t require any prior knowledge of DevOps.
Alice and Bob Learn Application Security
This book takes a different approach to teaching how to secure software development. Like most other books on this list, it covers all of the basic elements such as threat modelling, security testing and system architecture. However, this book differentiates itself by making the concepts easy to understand. It uses analogies from the stories of the characters Alice and Bob to explain these concepts, along with real-life examples, technical explanations and diagrams to ensure maximum clarity for readers.
Similar to Black Hat Python, this book teaches you how to use Python for developing scripts for computer hacking. This includes network attacks, Wi-Fi, forensics work and regular web application testing. This book is well known for being a practical guide; it has many examples and walkthroughs that you can follow along with for a better understanding.