DEV Community

Discussion on: How to learn web application security

Cedric Chee

First of all, thank you for the post.

I prefer to learn by reading books and I've been recommended:

  • The Web Application Hacker's Handbook (WAHH). They say this is widely considered the Bible of penetration testing for web apps. Web Security Academy (WSA) has been mentioned in the comments. WSA is an interactive version of the WAHH book.
  • The one book that everybody recommends is The Tangled Web. Matasano gave this book to their candidates. According to Thomas Ptacek, "it's probably the best all-around browser security book, but it's not the best application security book, since it spends much more time on browsers and browser technology than it does on the server-side issues (like SQL databases and authorization systems) that dominate web appsec."

Disclaimer: I'm not a web app security expert. Just a software engineer learning the fundamentals of web appsec.

Spyros Argalias

Thanks!