Diving deeper into all things security, I have found the following resources to be valuable.
InfoSec
- We Hack Purple Podcast Episode 78 with Jason Haddix
- Red vs Blue – A write-up of our SkillSec workshop
- So You Want To Be a Pentester? (Updated 2023) by Jack Halon
- So, You Want to CTF? (A Beginner’s Guide to CTFing) by Jaime Lightfoot
- Shooting the messenger. A story about vulnerability disclosure by Jahmel Harris
- Giggle; laughable security
- OWASP Cheat Sheet Series
- All you need to know about user session security
- When is a vulnerability not a vulnerability? by Tanya Janca
- The Effectiveness of Publicly Shaming Bad Security by Troy Hunt
- Getting Into Information Security by Mike Sass
- Security Zines
- all InfoSec news - Your InfoSec news aggregator
AppSec
- Book "Alice and Bob Learn Application Security" by Tanya Janca
- The OWASP Application Security Program Quick Start Guide
- Continuous Learning by Tanya Janca
- Three layers to secure a software development organization
- Behavior-Driven Development (BDD) goes rogue by Laura Bell Main
- You Do Not Need to do DAST in a Pipeline to do DevSecOps by Tanya Janca
- Manual Code Reviews - Is It Time to Move On? by Sean Wright
- Tanya Janca on Cyber Mentorship, “Shifting Left” and Punk Rock
- Continuous delivery, meet continuous security by Tanya Janca
- Security is Everybody's Job Series by Tanya Janca
- BeerSecOps #10: Tanya Janca – AppSec Education
- We Hack Purple Podcast Episode 70 with Meghan Jacquot
- We Hack Purple Podcast Episode 72 with Scott Helme AGAIN
- We Hack Purple Podcast Episode 73 with Amanda Crawley
- We Hack Purple Podcast Episode 74 with Ray Espinoza
- We Hack Purple Podcast Episode 77 with Brendan Sheairs
- We Hack Purple Podcast Episode 79 with Isabelle Mauny
- The Route to Networking Podcast: E21- Tanya Janca at We Hack Purple
- The Security Repo Podcast: Getting started in AppSec with Tanya Janca SheHacksPurple
- The Application Security Podcast: Maril Vernon - You Get What You Inspect, Not What You Expect
- The Application Security Podcast: Harshil Parikh - Deep Environmental and Organizational Context in Application Security
- The Application Security Podcast: Tanya Janca - What Secure Coding Really Means
- A Career in AppSec by Sean Wright
- Cybersecurity Isn’t Special by Kelly Shortridge
- How Spoutible’s Leaky API Spurted out a Deluge of Personal Data by Troy Hunt
- Docker Security – Step-by-Step Hardening (Docker Hardening)
Threat modeling
- Threat Modeling Manifesto
- Threat Model (Wikipedia)
- Threat Modeling (OWASP)
- Who is Threat Modeling? by Aaron Lord
- Advanced Threat Modeling
- Pushing Left, Like a Boss – Part 6: Threat Modelling by Tanya Janca
- The Threat Modeling Podcast: A Comprehensive Threat Modeling Strategy
- Elevation of Privilege (EoP) Threat Modeling Card Game
- OWASP Threat Dragon
- The Threat Modeling Podcast: Akira Brand - Gaining Experience by Threat Modeling
- Attack trees
Usable security
- Insecure & Unintuitive: How We Need to Fix the UX of Security by Jared Spool
- Secure Design Concepts w/ Tanya Janca
- Security and usability: you CAN have it all!
- How good UX leads to great security by Josh Ben-David
Security champions
- Building Security Champions by Tanya Janca
- Security Champions (OWASP)
- Security champions series by Snyk
- The Security Champion Framework by Chris Romeo, Izar Tarandach and Brook Schoenfield
- The Security Champions Podcast: Tanya Janca - A Recipe for Security Champions
ProdSec
- What’s the difference between Product Security and Application Security? by Tanya Janca
- How CISOs can shift from application security to product security by Ericka Chickowski
- The Security Table: AppSec vs. ProdSec
- The Application Security Podcast: Jay Bobo & Darylynn Ross - App Sec Is Dead. Product Security Is the Future.
Mobile
- OWASP Mobile Application Security
- iOS Deep Link Attacks Part 1 – Introduction & iOS Deep Link Attacks Part 2 – Exploitation
- One Scheme to Rule Them All: OAuth Account Takeover by Mohamed Benchikh
- Mobile Security Framework (MobSF)
- MOBEXLER - A Mobile Application Penetration Testing Platform
Exploits
- Practical Example Of Client Side Path Manipulation by Antoine Roly
- Stealing passwords from infosec Mastodon - without bypassing CSP by Gareth Heyes
- The inception bar: a new phishing method by Jim Fisher
- How to win at CORS by Jake Archibald
- Cross Site Scripting (in less than 2 minutes)
- Smashing the state machine: the true potential of web race conditions by James Kettle
- SecLists by Daniel Miessler, Jason Haddix, and g0tmi1k
- How to stay safe from repo-jacking by Kevin Backhouse
- Darknet Diaries EP 144: Rachel on social engineering with Rachel Tobac
Practice
Communities
- We Hack Purple
- OWASP
- BSides
- DEF CON
- DevSecCon's DevSecOps Community Discord
- InfoSec Community Discord
- Laptop Hacking Coffee Discord
- HackTheBox Discord
- TryHackMe Discord
- TCM Security Discord
- Threat Hunter Community Discord
- PentesterLab Discord
- Women of Security (WoSEC)
- Women's Society of Cyberjutsu
- WiCyS
- Cyversity