Security

Diving deeper into all things security, I have found the following resources to be valuable.

• InfoSec
• AppSec
• ProdSec
• Mobile
• Exploits
• Practice
• Communities
• Newsletters

InfoSec

• We Hack Purple Podcast Episode 78 with Jason Haddix
• Red vs Blue – A write-up of our SkillSec workshop
• So You Want To Be a Pentester? (Updated 2023) by Jack Halon
• So, You Want to CTF? (A Beginner’s Guide to CTFing) by Jaime Lightfoot
• Shooting the messenger. A story about vulnerability disclosure by Jahmel Harris
• Giggle; laughable security
• OWASP Cheat Sheet Series
• All you need to know about user session security
• When is a vulnerability not a vulnerability? by Tanya Janca
• The Effectiveness of Publicly Shaming Bad Security by Troy Hunt
• Getting Into Information Security by Mike Sass
• Security Zines
• all InfoSec news - Your InfoSec news aggregator 
  

AppSec

• Book "Alice and Bob Learn Application Security" by Tanya Janca
• The OWASP Application Security Program Quick Start Guide
• Continuous Learning by Tanya Janca
• Three layers to secure a software development organization
• Behavior-Driven Development (BDD) goes rogue by Laura Bell Main
• You Do Not Need to do DAST in a Pipeline to do DevSecOps by Tanya Janca
• Manual Code Reviews - Is It Time to Move On? by Sean Wright
• Tanya Janca on Cyber Mentorship, “Shifting Left” and Punk Rock
• Continuous delivery, meet continuous security by Tanya Janca
• Security is Everybody's Job Series by Tanya Janca
• BeerSecOps #10: Tanya Janca – AppSec Education
• We Hack Purple Podcast Episode 70 with Meghan Jacquot
• We Hack Purple Podcast Episode 72 with Scott Helme AGAIN
• We Hack Purple Podcast Episode 73 with Amanda Crawley
• We Hack Purple Podcast Episode 74 with Ray Espinoza
• We Hack Purple Podcast Episode 77 with Brendan Sheairs
• We Hack Purple Podcast Episode 79 with Isabelle Mauny
• The Route to Networking Podcast: E21- Tanya Janca at We Hack Purple
• The Security Repo Podcast: Getting started in AppSec with Tanya Janca SheHacksPurple
• The Application Security Podcast: Maril Vernon - You Get What You Inspect, Not What You Expect
• The Application Security Podcast: Harshil Parikh - Deep Environmental and Organizational Context in Application Security
• The Application Security Podcast: Tanya Janca - What Secure Coding Really Means
  
• A Career in AppSec by Sean Wright
• Cybersecurity Isn’t Special by Kelly Shortridge
• How Spoutible’s Leaky API Spurted out a Deluge of Personal Data by Troy Hunt
• Docker Security – Step-by-Step Hardening (Docker Hardening)
  
• Threat modeling
• Threat Modeling Manifesto
• Threat Model (Wikipedia)
• Threat Modeling (OWASP)
• Who is Threat Modeling? by Aaron Lord
• Advanced Threat Modeling
• Pushing Left, Like a Boss – Part 6: Threat Modelling by Tanya Janca
• The Threat Modeling Podcast: A Comprehensive Threat Modeling Strategy
• Elevation of Privilege (EoP) Threat Modeling Card Game
• OWASP Threat Dragon
• The Threat Modeling Podcast: Akira Brand - Gaining Experience by Threat Modeling
• Attack trees
• Attack Trees for Robust and Secure Design by Derek Fisher
  
• Usable security
• Insecure & Unintuitive: How We Need to Fix the UX of Security by Jared Spool
• Secure Design Concepts w/ Tanya Janca
• Security and usability: you CAN have it all!
• How good UX leads to great security by Josh Ben-David
• Security champions
• Building Security Champions by Tanya Janca
• Security Champions (OWASP)
• Security champions series by Snyk
• The Security Champion Framework by Chris Romeo, Izar Tarandach and Brook Schoenfield
• The Security Champions Podcast: Tanya Janca - A Recipe for Security Champions

ProdSec

• What’s the difference between Product Security and Application Security? by Tanya Janca
• How CISOs can shift from application security to product security by Ericka Chickowski
• The Security Table: AppSec vs. ProdSec
• The Application Security Podcast: Jay Bobo & Darylynn Ross - App Sec Is Dead. Product Security Is the Future.  

Mobile

• OWASP Mobile Application Security
• IOS Deep Link Attacks Part 1 – Introduction & IOS Deep Link Attacks Part 2 – Exploitation
• One Scheme to Rule Them All: OAuth Account Takeover by Mohamed Benchikh
• Mobile Security Framework (MobSF) 
• MOBEXLER - A Mobile Application Penetration Testing Platform
  

Exploits

• Practical Example Of Client Side Path Manipulation by Antoine Roly
• Stealing passwords from infosec Mastodon - without bypassing CSP by Gareth Heyes
• The inception bar: a new phishing method by Jim Fisher
• How to win at CORS by Jake Archibald
• Cross Site Scripting (in less than 2 minutes)
• Smashing the state machine: the true potential of web race conditions by James Kettle
• SecLists by Daniel Miessler, Jason Haddix, and g0tmi1k.
• How to stay safe from repo-jacking by Kevin Backhouse
• Darknet Diaries EP 144: Rachel on social engineering with Rachel Tobac
  

Practice

• Vulnerable apps
• OWASP Juice Shop
• OWASP WebGoat
• TicketMagpie
• vulnerable-apps: over 100 forks of deliberately vulnerable web applications and APIs
• Labs
• TryHackMe
• Hack The Box
• PortSwigger's Web Security Academy
• PentesterLab

Communities

• We Hack Purple
• OWASP
• BSides
• DEF CON
• DevSecCon's DevSecOps Community Discord
• InfoSec Community Discord
• Laptop Hacking Coffee Discord
• HackTheBox Discord
• TryHackMe Discord
• TCM Security Discord
• Threat Hunter Community Discord
• PentesterLab Discord
• Women of Security (WoSEC)
• Women's Society of Cyberjutsu
• WiCyS
• Cyversity

Newsletters

• [tl;dr sec] by Clint Gibler
• Reasonable Application Security by Chris Romeo
• ~this week in security~ by Zack Whittaker
• AppSec Ezine by Renato Rodrigues