Find the best books on application security for your programming language, from beginner to advanced.
Discover intentionally vulnerable practice apps like Juice Shop or OWASP NodeGoat to sharpen your security skills.
Browse language-specific security resources for Node.js, Go, Java, Android, or C++ to harden your codebase.
Get free tool recommendations for checking SSL configurations and HTTP security headers on your site.
This repository is a curated reading list for people who want to learn about application security. It does not contain code. Instead, it collects links to books, articles, blog posts, online courses, practice websites, and tools that security researchers and developers have found useful. The list is maintained by Paragon Initiative Enterprises, a company that focuses on secure software development.

The general section covers topics that apply to any programming language: how to generate random numbers safely, how to store passwords correctly, why certain cryptographic approaches are risky, and why investing in security matters. Books in that section range from beginner-friendly titles to deep technical references on topics like SSL and TLS, reverse engineering, and Windows internals. Many of the listed books are paid, and the list marks them clearly.

Beyond the general section, the list is organized by programming language and platform. There are dedicated sections for Android, C, C++, C#, Clojure, Go, Java, Node.js, and AWS Lambda. Each section links to coding standards, language-specific articles, and sometimes repositories with example vulnerable applications for hands-on practice. The Node.js section, for example, includes a security checklist and resources on Electron app security.

The practice websites listed, such as PentesterLab, Juice Shop, and OWASP NodeGoat, are intentionally vulnerable applications that let you practice finding and fixing real security flaws in a safe environment. There are also links to blogs, wiki pages like the OWASP Top Ten Project, and free online tools for checking SSL configurations and HTTP security headers.

This is a reference collection, not a tutorial series. If you are trying to understand a specific security topic or pick a next book on secure coding, this list is a reasonable starting point across many languages and skill levels. The full README is longer than what was shown.
Verify against the repo before relying on details.