The static website reuses the description of the bug patterns to build an overview.


  Knowledge base

Are you new to web application security? Here are a few resources for getting started.
Remember that learning computer security is a journey. Don't expect to be an expert within a year! ;)

The following resources are excellent for learning about the various types of vulnerabilities. Find Security Bugs will often refer to these websites.

  • OWASP Top 10 (2013 Edition)
    The OWASP Top 10 is the list of 10 high-level categories of vulnerabilities.
  • WASC : Threat classification
    A great list of specific vulnerability types. Some vulnerabilities are not associated with high-level programming languages such as Java (see Buffer Overflow and Format String).
  • OWASP Java Project
    Although the wiki is not mature, you may find information on more specialized topics.
  • Common Weakness Enumeration
    Detailed database of vulnerability types.
  • Google/Bing
    Don't limit yourself to general knowledge bases. If you are looking for specific information, you will find valuable research papers, blog posts and articles online.

The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws

This book is all about black-box testing and gaining the attacker's reflexes. It describes the different vulnerabilities that can be found in web applications. The book is well structured. The technical details can be useful for beginner and intermediate developers/hackers. It is almost flawless. You will probably be disappointed by the code review chapter if you are a well-rounded developer.

 

Iron-Clad Java: Building Secure Web Applications

The particularity of this book is that it isn't technology agnostic. That's not a fault. This means that it focuses on Java applications. The guidelines are therefore more specialized.

 

Beginning Cryptography with Java

If you are looking for a cryptography reference, this book focuses only on this topic. The content of the book is slightly dated. It doesn't cover some modern attack scenarios. This book can still be useful if you want to quickly master the Java Cryptography API.
