Though there is a real wealth of infosec learning resources out there, from an immense collection of online training to a dizzying array of unique blogs from security professionals and enthusiasts, a solid, old-fashioned book is always good to have as a reference or instructional tool!

With this in mind, I’ve created an Amazon list with all the infosec books I own. Though I certainly haven’t read each of these cover-to-cover, I purchased each based on the good reviews they received and the value of their content relevant to my interests in information security.

I’m always looking to learn and as such am continuously evaluating new books to add to my library. In this vein, I also maintain an Amazon list of books I am looking to potentially purchase.

Book Library   Shopping List

Book Reviews

Below I share my thoughts on the books that I do use regularly or have read most of.


The Web Application Hacker’s Handbook (2nd Edition)

This book is truly the bible of web application hacking, and though it has been superseded by PortSwigger’s Web Security Academy, its content is still extremely relevant and a great resource for any appsec professional. With inline exercises and questions, it can be used not only as a spot reference but also as a textbook of sorts which could be read cover-to-cover (give yourself some time, as it’s certainly a tome at 800+ pages). Can’t recommend this book enough!