Resources for Application Security
Some good resources for getting started with application security
-
Web Application Technologies and Development
- Web Architecture 101
- System Design 101
- Learn web development
- Web technology for developers
- How Browsers Work: Behind the scenes of modern web browsers
- Inside look at modern web browser (part 1)
- Inside look at modern web browser (part 2)
- Inside look at modern web browser (part 3)
- Inside look at modern web browser (part 4)
- Properly Understanding the DOM
- javascript.info
- Web Skills
- How Web Works
- The First Few Milliseconds of an HTTPS Connection
-
Application Security Books and online resources
- A Beginner’s Guide to Careers in Application Security
- So, you want to work in security?
- So you want to work in security, Michal Zalewski’s version
- So you want to work in security, Ivan Fratric’s version
- So you want to be a security engineer?
- Getting Into Security Engineering
- So you want to be a pentester?
- How To Become A Hacker
- Roadmap for being a self-taught hacker
- Mozilla Web Security
- Web Application Security Fundamentals
- Getting into Application Security
- LiveOverflow Web Hacking
- PwnFunction Web Security 101
- Attacking Web Applications
- Defending Web Applications
- Learn BurpSuite
- Burp Testing Methodologies
- Web Application Hacker’s handbook
- CNIT 129S: Securing Web Applications
- CNIT 129S: Securing Web Applications Youtube Playlist
- Mastering Modern Web Penetration Testing
- Hacker101
- Application Security Wiki
- CodePath Web Security Guides
- CS 253 Web Security course
- CS 253 Web Security Youtube Playlist
- Burp Testing Methodologies
- Web Security Academy
- HowToHunt - Tutorials and Things to try while testing particular vulnerability
- Demystifying HTTP request smuggling
- The target=“blank” Vulnerability
- PHP Object Injection Exploitation Notes
-
Hands on CTF & Labs
-
Securing Applications
-
Further Reading and Resources
- High-Level Approaches for Finding Vulnerabilities
- Deep dive into browser parsing and XSS payload encoding
- OWASP Testing Guide
- Beginners Guide to 0day/CVE AppSec Research
- Secure Code Wiki
- SEI CERT Coding Standards
- Web Hacking 101
- Writing Secure Code, 2nd Edition
- awesome-web-hacking
- awesome-web-security
- Awesome AppSec
- web-methodology
- CSP useful, a collection of scripts, thoughts about CSP
- websec.fr Solutions
- Code-Breaking Puzzles dockerfiles && writeups
- SPOT THE BUG CHALLENGE 2016 WRITE-UP
- SPOT THE BUG CHALLENGE 2015 WRITE-UP
- PHP Security Calendar 2017
- JAVA Security Calendar 2019
- Wordpress Security Calendar 2018
- Code Security Advent Calendar 2020 Answers
- Browser Exploitation for Fun and Profit
- The Browser Hacker’s Handbook
- X41’s Browser Security White Paper (alternate link)
- Cure53’s Browser Security White Paper (alternate link)
- The Ugly Truth about Bug Bounty Hunting
- LiveOverflow Browser Exploitation
- AppSecEngineer
- Hella-Secure
- Bug Bounty Reports Explained
- Web Application Security Roadmap
- Cybersecurity Career Path
- The Book of Secret Knowledge
- Introduction to Spring Boot Related Vulnerabilities
- Idiosyncrasies of the HTML parser
- Best platforms to learn ethical hacking!
- Secure Coding Links
- Web Application Security Working Group
-
MISC
-
Bonus
The resources which i have put are those which i am using in my application security learnings, feel free to use it for your learning purpose only and if you have any suggestions dm me on Twitter