The following are great places to learn more about software security. If you know of others that should be added, please let me know in the form at the bottom of the page.
Advice
- Put Your Money Under Your Mattress – Curmudgeon Security Tips
- Closing the Barn Door – Software Security
- EFF Data privacy report for major technology companies
- SQL Injection – When Will We Learn?
- SQL Injection is so “2000-and-late”
Community resources
- OWASP – Open Web Application Security Project
- OWASP Source Code Analysis Tools
- NTIA SBOM info – software bill of materials
- sqlmap – Automatic SQL injection and database takeover tool (open source)
- IBM DeveloperWorks article on fighting SQL injection
Training
- Hack-me training from Udemy (free and paid)
- OWASP Online Academy (free)
- PCI Council training and qualification programs
- PCI DSS Bootcamp – Udemy (paid)
- Security Journey – Hack EDU (paid)
- University of Wisconsin Software Security Course (free)
Supply Chain
- OWASP Component Analysis
- OWASP Dependency Check (SCA)
- NTIA SBOM minimum elements info
- SBOM FAQ from NTIA
Standards
- CERT Secure Coding Standards
- CWE – Common Weakness Enumeration
- DISA STIG – Application Security & Development
- Microsoft Secure Coding Guidelines
- PCI – Payment Card Industry Security Standards
Books
- SQL Injection Attacks and Defense, Second Edition
- Basics of SQL injection Analysis, Detection and Prevention: Web Security
- Iron-Clad Java
- 24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them
- Building Secure Software: How to Avoid Security Problems the Right Way
- Software Security Engineering: A Guide for Project Managers
- Official (ISC)2 Guide to the CSSLP CBK, Second Edition ((ISC)2 Press)
- CSSLP Certification All-in-One Exam Guide