
Quick sites:

* PyCon Crypto 101 - https://www.crypto101.io/ (and if you use Python, please use the Cryptography library for encryption/decryption; Python's built-ins already provide sha and hmac, and please adopt your framework's security implementation whenever possible).

* Mozilla Web Security Guidelines - https://wiki.mozilla.org/Security/Guidelines/Web_Security

* Mozilla Secure Coding Guideline - https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines

* Mozilla Server Side TLS - https://wiki.mozilla.org/Security/Server_Side_TLS

* Mozilla Intro to Cryptography (slide: https://april.github.io/crypto-presentation video: https://www.youtube.com/watch?v=bg32spD2mB0)

* Mozilla Web wiki - https://developer.mozilla.org/en-US/docs/Web (understand CORS, Cookies, CSP, etc)

* Google's course on security - https://google-gruyere.appspot.com/ (original course page has been taken down by Google already)

Book recommendations:

* The Web Application Hacker's Handbook

* The Tangled Web: A Guide to Securing Modern Web Applications (written by the famous Michał Zalewski, working at Google, and lately known for developing American Fuzzy Lop (AFL), which has been used for uncovering many new CVE bugs).

* Hacking: The Next Generation

* Securing DevOps (to be released soon)

Publications:

* USENIX - https://www.usenix.org/ (tons of free high quality conference talks, I like USENIX over ACM)

* Real World Crypto

Getting real:

* Go find bug bounty programs out there; there are many well-written posts on how one discovered bugs.

* Follow a bunch of security engineers / security-minded folks on Twitter (e.g. @matthew_d_green would be a good start)

OWASP is a great reference; read it as an index page. But like others have pointed out, the Wiki is often outdated, though the concepts almost always remain the same. Use multiple resources before implementing a solution, and never just copy and paste a solution posted by others on Stack Overflow. Sorry for so much Mozilla stuff; there's definitely some bias from me, but I trust the folks running the sec team there.
