resources.md

Resources – Developing Secure Software

Official Training

• Linux Foundation Training: Developing Secure Software (LFD121)

Secure Development Frameworks

• OWASP Software Assurance Maturity Model (SAMM): https://owaspsamm.org/
• NIST Secure Software Development Framework (SSDF): https://csrc.nist.gov/publications/detail/sp/800-218/final
• Microsoft Secure Development Lifecycle (SDL): https://www.microsoft.com/en-us/securityengineering/sdl

Guidelines & References

• OWASP Top Ten
• CWE Top 25
• BSIMM (Building Security In Maturity Model)

Tools

• SAST: SonarQube, Semgrep, CodeQL.
• DAST: OWASP ZAP, Burp Suite.
• SCA: Dependency-Check, Trivy, Snyk.
• Secrets Management: HashiCorp Vault, GitHub Secrets, AWS Secrets Manager.

Books

• Writing Secure Code – Michael Howard & David LeBlanc
• The Tangled Web: A Guide to Securing Modern Web Applications – Michal Zalewski
• Building Secure and Reliable Systems – Google SRE team