Google Gruyere - Web Application Exploits and Defenses - a small, cheesy web application that allows its users to publish snippets of text and store assorted files.
Google’s XSS game - In this training program, you will learn to find and exploit XSS bugs
Damn Vulnerable Web Application (DVWA) - an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment
Linux Insides - A series of posts about the linux kernel and its insides
University of Maryland’s Software Security course on Coursera - explores the foundations of software security and covers important (and common) software vulnerabilities such as buffer overflows, SQL injection, and session hijacking
Embedded Security CTF - You’ve been given access to a device that controls a lock. Your job: defeat the lock by exploiting bugs in the device’s code.
The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws - Amazon Link
The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage - Amazon Link