This is a curated list of links related to information security. To prevent link rot, resources are cached under the bracketed links. If this collection is useful to you, please contribute back by forwarding any quality resources to us.


Core concepts


Core concepts


  • Cryptography engineering, ISBN 9780470474242
  • Everyday cryptography, ISBN 9780199695591

Computer security

  • Hacking: The art of exploitation, ISBN 9781593271442
  • Computer security, ISBN 9780470741153

Network security

  • Network security assessment, ISBN 9781491910955
  • Thinking security, ISBN 9780134277547

Human factors

  • Managing the human factor in information security, ISBN 9780470721995
  • A practical guide to managing information security, ISBN 9781580537025

Technical track

Implementing security project

  • Software security, ISBN 9780321356703
  • Car hacker’s handbook, ISBN 9781593277031
  • Abusing the Internet of Things, ISBN 9781491902332

Code audit project

  • The art of software security assessment, ISBN 9780321444424
  • A bug hunter’s diary, ISBN 9781593273859

Web app pentest project

  • The Web application hacker’s handbook, ISBN 9781118026472
  • The tangled Web, ISBN 9781593273880

Human track

Architecting security project

  • Threat modeling, ISBN 9781118809990
  • Designing connected products, ISBN 9781449372569
  • Abusing the Internet of Things, ISBN 9781491902332

User study project

  • Usable security: History, themes, and challenges, ISBN 9781627055291
  • Just enough research, ISBN 9781937557102
  • Rocket surgery made easy, ISBN 9780321657299

Phishing campaign project

  • Social engineering in IT security, ISBN 9780071818469
  • Influence: Science and practice, ISBN 9780205609994

Audit reports

Audit reports tend to be very different across the board. The ones listed here are mostly simple ones, as we think these are better examples for students than reports filled with chart junk. Also, in contrast to fundamental security research detailing security flaws, these audit reports provide an evaluation of security in context.

Anagram - Skype [PDF]

Coinspect - Zcash [PDF]

Cure53 - CaseBox (code audit) [PDF]

Cure53 - CaseBox (production) [PDF]

Cure53 - Cryptocat 2 [PDF]

Cure53 - Clipperz [PDF]

Cure53 - Dnsmasq [PDF]

Cure53 - GlobaLeaks [PDF]

Cure53 - Mailvelope [PDF]

Cure53 - miniLock [PDF]

Cure53 - Onion Browser [PDF]

Cure53 - OpenPGP.js [PDF]

Cure53 - SecureDrop [PDF]

Cure53 - Subrosa [PDF]

Defuse - eCryptfs [TXT]

Defuse - EncFS [TXT]

Defuse - Hash0 [TXT]

Defuse - PEFS [TXT]

Defuse - ZeroBin [TXT]

Fox-IT - DigiNotar [PDF]

Fraunhofer - TrueCrypt [PDF]

IOActive - Bromium vSentry [PDF]

ISE - Apple iPhone [PDF]

iSEC - Security audit review [PDF]

iSEC - Cryptocat iOS [PDF]

iSEC - MediaWiki [PDF]

iSEC - Psiphon 3 [PDF]

iSEC - TrueCrypt [PDF]

Least Authority - Cryptocat [PDF]

Least Authority - GlobaLeaks [PDF]

Least Authority - SpiderOak Crypton [PDF]

Leviathan - OmniFileStore [PDF]

Leviathan - SpiderOak Crypton [PDF]

Matasano - NetApp MultiStore [PDF]

Matasano - Secure64 SourceT [PDF]

MITRE - Android [PDF]

mnemonic - Norwegian electronic voting system [PDF]

NCC Group - Docker Notary [PDF]

NCC Group - osquery [PDF]

NCC Group - phpMyAdmin [PDF]

NCC Group - Ricochet [PDF]

NCC Group - TrueCrypt [PDF]

NCC Group - Zcash [PDF]

Offensive Security - Sample report [PDF]

OPM-OIG - US Office of Personnel Management [PDF]

Princeton University - Diebold AccuVote-TS [PDF]

Princeton University - Safeplug [PDF]

PwC - HM Revenue and Customs [PDF]

Quarkslab - ChatSecure [PDF]

Quarkslab - VeraCrypt [PDF]

Radboud University - Megamos Crypto [PDF]

Sakurity - Peatio [PDF]

Trail of Bits - Apple iOS 4 [PDF]

Trail of Bits - Zlib [PDF]

University of Michigan - Estonian I-voting system [PDF]

University of Washington - DeadDrop [PDF]

Veracode - Cryptocat [PDF]

Veracode - GlobaLeaks and Tor2web [PDF]