Glad you asked. This is a list I like to call, "how to become an extremely effective and formidable security engineer."
1. The Web Application Hacker's Handbook
Probably the first book you want to read; this will teach you the core mindset you need for finding security flaws in web applications as well as give a very strong foundation for the different classes of vulnerabilities.
2. The Mobile Application Hacker's Handbook
Good supplement to #1 for application security, obviously focused on mobile apps.
3. The Art of Software Security Assessment
The bible of the security industry. Especially instructive for source code review.
4. Security Engineering (Ron Anderson)
Supplements #3. Very instructive for injecting security into the overall SDLC and designing secure software.
5. The Tangled Web
Excellent historical background and good high-level overview of many information security topics. Every engineer should read this, even if they don't work in security.
6. Gray Hat Python
Very hands-on, good introduction to aspects of reverse engineering and the typical work an e.g. security consultant will do at a top firm.
7. Practical Malware Analysis
Very good introduction to malware analysis.
8. Practical Reverse Engineering
This book, along with #9, will teach you everything you need to know to effectively reverse engineer software for security-focused analysis.
9. Reversing: Secrets of Reverse Engineering
10. The IDA Pro Book
You'll want this if you have any plan to work with IDA Pro at all, which is the gold standard for decompiling and reversing software.
11. The Shellcoder's Handbook
If you'd like to write exploits after you're done reversing software to find an exploitable bug, this is a good book to pick up.
12. Cryptography Engineering
Very solid and broad introduction to cryptography. Every engineer should read this, even if they don't work in security.
13. Introduction to Modern Cryptography
This book, along with #14, is what you want to read if you're going to work as a cryptographer or cryptanalyst professionally.
14. Handbook of Applied Cryptography
--------------------------------------
Theoretically, these books should resolve your known-unknowns and your unknown-unknowns. Anyone who reads and works through the list should be capable of designing secure software, finding errors in white and black box source code reviews and finding errors in white and black box penetration tests.
If you're looking to get into this professionally, feel free to contact me if you have any questions and I'll do my best to help.