Links for Getting Started in Application Security
Whenever I speak at a meetup I tend to mention the same couple of resources for getting started in AppSec, sharing them after the event on meetup pages or via email. Below is that list of resources; I hope they help you.
The secure coding course that I recommend starting with, by Sunny Wear (free): https://www.cybrary.it/course/secure-coding/
The OWASP Cheat Sheets Series (all the AppSec Secrets): https://www.owasp.org/index.php/OWASP_Cheat_Sheet_Series
OWASP Dependency Check (to check if your code libraries, includes and other components are no longer supported or known to be vulnerable): https://www.owasp.org/index.php/OWASP_Dependency_Check
OWASP Zed Attack Proxy, AKA “ZAP” (web proxy/web app vulnerability scanner): https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
My own open-source project: https://www.owasp.org/index.php/OWASP_DevSlop_Project
My course about how to do basic vulnerability scanning of a web app using OWASP ZAP: https://code.tutsplus.com/courses/how-to-hack-your-own-app
If you want to see some of my other talks, go here:
- Security is Everybody’s job: https://vimeo.com/album/5189967
- Are you ready for the worst? Application Security Incident Response: https://www.youtube.com/watch?v=NRdPg4KhfLk
- Insecurity in Information Technology: https://www.youtube.com/watch?v=2qU0d_hoidc
- Pushing Left, Like a Boss: https://www.youtube.com/watch?v=mPTmuaC2lOI
- XSS Deep Dive (AppSec Lesson): https://www.youtube.com/watch?v=lA02ipAXPlM
Thanks for reading!