Diving deeper into all things security, I have found the following resources to be valuable.
InfoSec
- We Hack Purple Podcast Episode 78 with Jason Haddix
- Red vs Blue – A write-up of our SkillSec workshop
- So You Want To Be a Pentester? (Updated 2023) by Jack Halon
- So, You Want to CTF? (A Beginner’s Guide to CTFing) by Jaime Lightfoot
- Shooting the messenger. A story about vulnerability disclosure by Jahmel Harris
- Giggle; laughable security
- OWASP Cheat Sheet Series
- All you need to know about user session security
- When is a vulnerability not a vulnerability? by Tanya Janca
- The Effectiveness of Publicly Shaming Bad Security by Troy Hunt
- Getting Into Information Security by Mike Sass
- tl;dr sec Newsletter by Clint Gibler
AppSec
- Book "Alice and Bob Learn Application Security" by Tanya Janca
- The OWASP Application Security Program Quick Start Guide
- Continuous Learning by Tanya Janca
- Three layers to secure a software development organization
- Behavior-Driven Development (BDD) goes rogue by Laura Bell Main
- You Do Not Need to do DAST in a Pipeline to do DevSecOps by Tanya Janca
- Manual Code Reviews - Is It Time to Move On? by Sean Wright
- Tanya Janca on Cyber Mentorship, “Shifting Left” and Punk Rock
- Continuous delivery, meet continuous security by Tanya Janca
- Security is Everybody's Job Series by Tanya Janca
- BeerSecOps #10: Tanya Janca – AppSec Education
- We Hack Purple Podcast Episode 70 with Meghan Jacquot
- We Hack Purple Podcast Episode 72 with Scott Helme AGAIN
- We Hack Purple Podcast Episode 73 with Amanda Crawley
- We Hack Purple Podcast Episode 74 with Ray Espinoza
- We Hack Purple Podcast Episode 77 with Brendan Sheairs
- We Hack Purple Podcast Episode 79 with Isabelle Mauny
- The Route to Networking Podcast: E21- Tanya Janca at We Hack Purple
- The Security Repo Podcast: Getting started in AppSec with Tanya Janca SheHacksPurple
- The Application Security Podcast - Maril Vernon -- You Get What You Inspect, Not What You Expect
- Threat modeling
  - Threat Model (Wikipedia)
  - Threat Modeling (OWASP)
  - Who is Threat Modeling? by Aaron Lord
  - Advanced Threat Modeling
  - Pushing Left, Like a Boss – Part 6: Threat Modelling by Tanya Janca
  - The Threat Modeling Podcast: A Comprehensive Threat Modeling Strategy
  - Elevation of Privilege (EoP) Threat Modeling Card Game
  - OWASP Threat Dragon
ProdSec
Mobile
- OWASP Mobile Application Security
- IOS Deep Link Attacks Part 1 – Introduction & IOS Deep Link Attacks Part 2 – Exploitation
Exploits
- Practical Example Of Client Side Path Manipulation by Antoine Roly
- Stealing passwords from infosec Mastodon - without bypassing CSP by Gareth Heyes
- The inception bar: a new phishing method by Jim Fisher
- How to win at CORS by Jake Archibald
- Cross Site Scripting (in less than 2 minutes)
- Smashing the state machine: the true potential of web race conditions by James Kettle