  • API Security in Action – Book covering API security including secure development, token-based authentication, JSON Web Tokens, OAuth 2, and Macaroons. (early access, published continuously, final release summer 2020)
  • Secure by Design – Book that identifies design patterns and coding styles that make lots of security vulnerabilities less likely. (early access, published continuously, final release fall 2017)
  • Understanding API Security – Free eBook sampler that gives some context for how API security works in the real world by showing how APIs are put together and how the OAuth protocol can be used to protect them.
  • OAuth 2 in Action – Book that teaches you practical use and deployment of OAuth 2 from the perspectives of a client, an authorization server, and a resource server.
  • OWASP ZAP Node API – Leverage the OWASP Zed Attack Proxy (ZAP) within your Node.js applications with this official API.
  • GuardRails – A GitHub App that provides security feedback in Pull Requests.
  • Checkov – A static analysis tool for infrastructure as code (Terraform).
  • TFSec – A static analysis tool for infrastructure as code (Terraform).
  • KICS – Scans IaC projects for security vulnerabilities, compliance issues, and infrastructure misconfiguration. Currently working with Terraform projects, Kubernetes manifests, Dockerfiles, AWS CloudFormation Templates, and Ansible playbooks.
  • Insider CLI – An open source Static Application Security Testing (SAST) tool written in Go for Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C# and JavaScript (Node.js).
  • Full Stack Python Security – A comprehensive look at cybersecurity for Python developers.
  • Making Sense of Cyber Security – A jargon-free, practical guide to the key concepts, terminology, and technologies of cybersecurity, perfect for anyone planning or implementing a security strategy. (early access, published continuously, final release early 2022)
