Knowledge base

Are you new to web application security? Here are a few resources for getting started.
Remember that learning computer security is a journey. Don't expect to be an expert within a year! ;)

The following resources are excellent to learn about the various types of vulnerabilities. Find Security Bugs will often reference those websites.

The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws

This book is all about black-box testing and developing an attacker's reflexes. It describes the different vulnerabilities that can be found in web applications. The book is well structured, and the technical details are useful for beginner and intermediate developers and hackers. It is almost flawless, although you will probably be disappointed by the code review chapter if you are a well-rounded developer.


Iron-Clad Java: Building Secure Web Applications

The particularity of this book is that it isn't technology agnostic; that's not a fault. It focuses on Java applications, so its guidelines are more specialized.


Beginning Cryptography with Java

If you are looking for a cryptography reference, this book focuses only on that topic. Its content is slightly dated and it doesn't cover some modern attack scenarios, but it can still be useful if you want to quickly master the Java Cryptography API.