Security

Diving deeper into all things security, I have found the following resources to be valuable.

• InfoSec
• AppSec
• Mobile
• Exploits
• Vulnerable Practice Apps
• Communities

InfoSec

• We Hack Purple Podcast Episode 78 with Jason Haddix
• Red vs Blue – A write-up of our SkillSec workshop
• So You Want To Be a Pentester? (Updated 2023) by Jack Halon
• So, You Want to CTF? (A Beginner’s Guide to CTFing) by Jaime Lightfoot
• Shooting the messenger. A story about vulnerability disclosure by Jahmel Harris
• Giggle; laughable security
• OWASP Cheat Sheet Series
• All you need to know about user session security
• When is a vulnerability not a vulnerability? by Tanya Janca
• The Effectiveness of Publicly Shaming Bad Security by Troy Hunt
• Getting Into Information Security by Mike Sass
• tl;dr sec Newsletter by Clint Gibler

AppSec

• Book "Alice and Bob Learn Application Security" by Tanya Janca
• The OWASP Application Security Program Quick Start Guide
• Continuous Learning by Tanya Janca
• Three layers to secure a software development organization
• Behavior-Driven Development (BDD) goes rogue by Laura Bell Main
• You Do Not Need to do DAST in a Pipeline to do DevSecOps by Tanya Janca
• Manual Code Reviews - Is It Time to Move On? by Sean Wright
• Tanya Janca on Cyber Mentorship, “Shifting Left” and Punk Rock
• Continuous delivery, meet continuous security by Tanya Janca
• Security is Everybody's Job Series by Tanya Janca
• BeerSecOps #10: Tanya Janca – AppSec Education
• We Hack Purple Podcast Episode 70 with Meghan Jacquot
• We Hack Purple Podcast Episode 72 with Scott Helme AGAIN
• We Hack Purple Podcast Episode 73 with Amanda Crawley
• We Hack Purple Podcast Episode 74 with Ray Espinoza
• We Hack Purple Podcast Episode 77 with Brendan Sheairs
• We Hack Purple Podcast Episode 79 with Isabelle Mauny
• The Route to Networking Podcast: E21- Tanya Janca at We Hack Purple
• The Security Repo Podcast: Getting started in AppSec with Tanya Janca SheHacksPurple
• The Application Security Podcast - Maril Vernon -- You Get What You Inspect, Not What You Expect
• Threat modeling
• Threat Model (Wikipedia)
• Threat Modeling (OWASP)
• Who is Threat Modeling? by Aaron Lord
• Advanced Threat Modeling
• Pushing Left, Like a Boss – Part 6: Threat Modelling by Tanya Janca
• The Threat Modeling Podcast: A Comprehensive Threat Modeling Strategy
• Elevation of Privilege (EoP) Threat Modeling Card Game
• OWASP Threat Dragon

ProdSec

• What’s the difference between Product Security and Application Security? by Tanya Janca
• How CISOs can shift from application security to product security by Ericka Chickowski
• The Security Table: AppSec vs. ProdSec

Mobile

• OWASP Mobile Application Security
• IOS Deep Link Attacks Part 1 – Introduction & IOS Deep Link Attacks Part 2 – Exploitation

Exploits

• Practical Example Of Client Side Path Manipulation by Antoine Roly
• Stealing passwords from infosec Mastodon - without bypassing CSP by Gareth Heyes
• The inception bar: a new phishing method by Jim Fisher
• How to win at CORS by Jake Archibald
• Cross Site Scripting (in less than 2 minutes)
• Smashing the state machine: the true potential of web race conditions by James Kettle

Practice

• Vulnerable apps
• OWASP Juice Shop
• OWASP WebGoat
• TicketMagpie
• Labs
• TryHackMe
• Hack The Box
• PortSwigger's Web Security Academy

Communities

• We Hack Purple
• OWASP
• BSides
• DEF CON
• DevSecCon's DevSecOps Community Discord
• InfoSec Community Discord
• Laptop Hacking Coffee Discord
• HackTheBox Discord
• TryHackMe Discord
• TCM Security Discord
• Threat Hunter Community Discord
• Women of Security (WoSEC)
• Women's Society of Cyberjutsu
• WiCyS
• Cyversity