DevSecOps and cybersecurity — the canonical books, OWASP/NIST frameworks, and the blogs that keep you current. Links open in a new tab.
Books
| Resource | What | Link |
|---|
| The Web Application Hacker's Handbook | Web security deep dive. | book |
| Security Engineering — Ross Anderson | Comprehensive; free online. | site |
| Hacking: The Art of Exploitation — Erickson | Exploitation techniques. | book |
| Applied Cryptography — Schneier | Cryptographic methods. | book |
Research Papers
| Resource | What | Link |
|---|
| OWASP Top 10 | Web app vulnerabilities. | site |
| USENIX Security | Conference materials. | site |
| CIS Benchmarks | Security standards. | site |
| NIST Cybersecurity Framework | Federal guidance. | site |
GitHub Repositories
| Resource | What | Link |
|---|
| Awesome DevSecOps | DevSecOps compilation. | repo |
| Security Guide for Developers | Developer-focused. | repo |
| OWASP Cheat Sheet Series | Quick references. | repo |
| Awesome Security | Curated resources. | repo |
Videos & Courses
| Resource | What | Link |
|---|
| OWASP Global | Security presentations. | video |
| Black Hat | Professional security talks. | video |
| DEF CON | Hacking community. | video |
| Offensive Security | Pentest courses. | site |
Articles & Blogs
| Resource | What | Link |
|---|
| Schneier on Security | Bruce Schneier. | site |
| Krebs on Security | Cybersecurity news. | site |
| The Hacker News | Threat intel. | site |
| OWASP Blog | Org announcements. | site |
Recommended Reading
| Resource | What | Link |
|---|
| OWASP | Leading security org. | site |
| CVE Database | Vulnerability registry. | site |
| CISA KEV Catalog | Known exploited vulns. | site |
where to start
Start with OWASP Top 10 and the OWASP Cheat Sheets, read Anderson's Security Engineering (free), and follow Krebs + Schneier.