Information Security
young8junkie, 2014-05-02 01:14:36

Information Security Books and Resources

Hello, please recommend sites and books on information security. Books preferably with examples of attack and defense.

5 answer(s)
Vyacheslav Smirnov, 2014-05-09
@young8junkie

Secure Code (David LeBlanc). There are several editions of the book. Microsoft's book is easier to read than Schneier's (and Schneier's book is harder to buy). Although both books are outdated by information security standards, at least half of their content will be relevant for several decades to come.
The famous book by Kris Kaspersky, "Technique and Philosophy of Hacker Attacks". Descriptions of the books can be found here: kpnc.opennet.ru/allkpnc.updated.zip
Examples of the books are also there. For example, "Technique of Network Attacks": kpnc.opennet.ru/tpna.full.zip
I also recommend the site https://www.owasp.org.
As for hacking practice grounds, there are some good ones where you can practice. The most documented site is OWASP WebGoat: https://www.owasp.org/index.php/WebGoat. Hints for the walkthrough are on the site itself. There is also a video version of the walkthrough.
For building knowledge into a structure, see cwe.mitre.org. Consider the TOP 25 (these entries are described most fully). Next, pay attention to the other hundreds of possible flaws in software and the options for protecting against them.
If you enjoy watching videos for OWASP WebGoat, then go to securitytube.net.
Extremely useful project: www.pentest-standard.org/. For some time I was engaged in translating the materials of this project into Russian. I learned a lot while doing it. The basis is the mind map, and a good description of the nodes. It allows you to build a plan for a pen test, and for protection, in your head. There's a lot going on here; I've never read anything like it in any book. But there is no detailed step-by-step instruction either; you will have to work things out for yourself.

Pavel, 2016-04-12
@IbView

wiki.informationsecurity.club - a #security knowledge base. There are enough books here, as well as the legal framework and a glossary of terms; in general, take a look ...
news.informationsecurity.club - a news aggregator, also on information security and IT. You can not only receive information, but also share it ...

Alexander Kamolov, 2014-06-24
@dintsec

Books: The Art of Deception and The Art of Intrusion by Mitnick and Simon.
Among domestic resources: pentestit.ru and Positive Technologies, with their Positive Hack Days events.
And in general: in order to EFFECTIVELY level up IS skills, you need to level up "hacking" (sorry if the name is incorrect): grey hat, white hat. You can even do black hat, but train on "cats" (c), that is, on virtual machines. If you do not have the mindset of a computer attacker, all your efforts are in vain.

afiskon, 2014-05-06
@afiskon

Read Schneier.

Andrey San, 2014-10-27
@admusers

Guys, are there interesting resources where vulnerabilities are published, etc.? I need a site that has everything, on different topics, and that publishes very quickly. For example, there was a case where a colleague found out about 5 million p. I a week before publication on Habr, but did not say where he found out from; he was probably on some mailing list, or saw a tweet, or was on LinkedIn. I need these resources. Tell me.
