Found in 1 comment on Hacker News
USNetizen · 2015-08-17 · Original thread
Start here for some reading material: https://github.com/paragonie/awesome-appsec

Get to know the static analysis tools out there, check out OWASP (for web apps), and learn threat modeling. Application security isn't a one-time thing; it's something that is constantly evolving and changing. Learn the processes, then go into the details from there into your chosen technology stack. I've also read this book, which is good but doesn't go very deep into the technical stuff: http://www.amazon.com/Enterprise-Software-Security-Disciplin...

Application security isn't just about programming either. It entails elements of risk management, architecture security, configuration management and many other disciplines to be performed effectively.
