- OWASP Top 10 - If you don't know about these, this book should be mandatory reading
- OWASP Top 10 for .NET developers - once you know about the top 10, this puts it into a .NET perspective
- The Tangled Web: A Guide to Securing Modern Web Applications - Recent book with really good content and pragmatic advice (not much .NET but amazing on WebApp)
- 24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them
- Developing More-Secure Microsoft ASP.NET 2.0 Applications
- Improving Web Application Security: Threats and Countermeasures (oldie but still one of the best)
- Building Secure Microsoft ASP.NET Applications (oldie but good)
- Writing Secure Code, Second Edition (oldie but good)
- OWASP Code Review book - some good stuff in there (although a bit old and not a lot of .NET content)
Note: the links to the MSDN-based books were online as PDFs, so look for them before buying the book :)
There is also a good database of Security knowledge provided by Security Innovation (SI) with TeamMentor (note that I work there)
- OWASP Library version - with free library containing 244 Articles
- SI Library version - with commercial library containing 3500+ articles
Finally, take a look at Cat.NET's security engine (provided by Microsoft), which does static code analysis on .NET code.
Related Posts:
- Real-time Vulnerability Creation Feedback inside VisualStudio (with Greens and Reds)
- Real-Time C# Solution Compilation and Security Scanning (using Roslyn and Cat.NET)
- Running Cat.NET SAST Scanner outside VisualStudio
- New Reddit Community for Cat.Net
- Using/Consuming Cat.Net's engine inside the O2 Platform (and outside VisualStudio)