An Application Security Reading List

Literally the first book I thought of when I started this list, and I don't even like writing in Python. A headfirst dive into the day-to-da
Gray Hat Python: Python Programming for Hackers and Reverse Engineers
$32.00
The same way you can say "TAOCP" on a programming site and everyone knows you mean "Knuth", say "TOASSA" to a security person and they know
The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities (Volume 1 of 2)
As much as 50% of your app security work is going to involve finding flaws in web applications, and that percentage is only going to go up.
The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws
$47.00
The best security books, you can read "inside out", taking any recommendation on what to do and looking for people to do the opposite to fin
Cryptography Engineering: Design Principles and Practical Applications
$40.00
Skip it if you've already done dev professionally (and, if you can, try to spend a couple years doing that before coming to app security). O
The Practice of Programming (Addison-Wesley Professional Computing Series)
$49.00
You need C. This is the single best book on C software development that has ever been written. It takes everything you've been doing in Pyth
C Interfaces and Implementations: Techniques for Creating Reusable Software
$44.00
The best end-to-end treatment of the theory and practice of taking compiled binary software and working it back to its design and internal f
Reversing: Secrets of Reverse Engineering
$30.00
This book is tiny. Most books about JavaScript are 18,000 pages long, explain how to write 1000 lines of JS to make rounded corners in IE5,
JavaScript: The Good Parts
$17.00
You have to know SOME SQL to do web security work. My theory: the less of it you end up knowing, the happier you'll end up being. Thus: this
SQL For Dummies
$20.00
You want to know how modern OSes work on x86. Especially memory management. You want to know why system calls work the way they do. You want
Windows® Internals: Including Windows Server 2008 and Windows Vista, Fifth Edition
$85.00
Union rules require me to recommend at least one book by Charlie Miller and one book by Dino Dai Zovi, and this book, which is great, kills
The Mac Hacker's Handbook
Don't buy this until you get your IDA Pro license. And if you've been using IDA for years already, borrow it instead. But this book is the m
The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler
Sooner or later you're going to hit a project where the only way to listen to and talk to the target is to bust out libpcap and do IO with r
Internetworking with TCP/IP Vol. II: ANSI C Version: Design, Implementation, and Internals (3rd Edition)
$29.00
Do any of those tools you wrote with libpcap after reading Comer & Stevens have to work fast? Do they have to deal with more than a couple h
Network Algorithmics: An Interdisciplinary Approach to Designing Fast Networked Devices (The Morgan Kaufmann Series in Networking)
$32.00
Eventually you'll get a project that's going to involve an exotic target, maybe synthesized onto an FPGA in some crazy RISC architecture, ma
Computation Structures (MIT Electrical Engineering and Computer Science)
One branch of binary runtime security work involves software protection, which means "copy protection" and "tamper proofing" and "anti-cheat
Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection
$65.00
I had a CISSP book here as a joke, but then realized that someone who clicked "buy whole list" would end up accidentally owning a CISSP book
A Supposedly Fun Thing I'll Never Do Again: Essays and Arguments
$15.00