A few books that I’ve read along the way that have greatly impacted my life are still good reads, even though they are getting old.
Web Application Security: Exploitation and Countermeasures for Modern Web Applications
Just published this year (2024) and am still reading this one, but enjoying it so far. I do like the format of the book of using 3 pillars (Recon, Offense, and Defense) along with a lot of newer ideas in the web application security world like, GraphQL, cloud-based deployments, and CDNs.
Web Application Hacker’s Handbook
This book is a corner-stone in web security. It properly divides vulnerabilities into different types and teaches you how to find them and what their impact is. I’ve quoted this book several times when writing the Impact portion of my Hackerone tickets.
Solid book that emphasizes the security implications of the browser and HTTP security practices and how they relate to application vulnerabilities.
Not strictly a security book, but an extremely helpful book as I learned to put my own Python scripts together for automation. Save yourself from the scope-creep and common failings of those who do not program everyday.
JavaScript for hackers: Learn to think like a hacker
Javascript for hackers is a must if you have interest in exploiting client-side vulnerabilities. Mr. Heyes shares many of the sins of JavaScript that entrap well meaning developers. It is very much up-to-date and is one you will read at least twice because of its density.