Resources for Application Security

Some good resources for getting started with application security

• Web Application Technologies and Development

  • Web Architecture 101
    
  • System Design 101
    
  • Learn web development
  • Web technology for developers
    
  • How Browsers Work: Behind the scenes of modern web browsers
    
  • Inside look at modern web browser (part 1)
    
  • Inside look at modern web browser (part 2)
    
  • Inside look at modern web browser (part 3)
    
  • Inside look at modern web browser (part 4)
    
  • Properly Understanding the DOM
    
  • javascript.info
    
  • Web Skills
    
    

• Application Security Books and online resources

  • A Beginner’s Guide to Careers in Application Security
    
  • So, you want to work in security?
    
  • So you want to work in security, lcamtuf’s version
    
  • So you want to be a security engineer?
    
  • So you want to be a pentester?
    
  • Web Application Security Fundamentals
    
  • Getting into Application Security
    
  • LiveOverflow Web Hacking
    
  • PwnFunction Web Security 101
    
  • Attacking Web Applications
    
  • Defending Web Applications
    
  • Learn BurpSuite
    
  • Burp Testing Methodologies
    
  • Web Application Hacker’s handbook
    
  • CNIT 129S: Securing Web Applications
    
  • CNIT 129S: Securing Web Applications Youtube Playlist
    
  • Mastering Modern Web Penetration Testing
    
  • Hacker101
    
  • Application Security Wiki
    
  • CodePath Web Security Guides
    
  • CS 253 Web Security course
    
  • CS 253 Web Security Youtube Playlist
    
  • Burp Testing Methodologies
    
  • Web Security Academy
    
  • HowToHunt - Tutorials and Things to try while testing particular vulnerability
    

• Hands on CTF & Labs

  • websec.fr - A good collection of CTFs for learning SAST and DAST
  • DomGoat - DOM Security Learning Platform
  • Code-Breaking - A completely open code audit challenge!
  • Securify BV spot the bug challenges
  • Web Security Academy - All labs
  • Hacker101 CTF
    
  • Application Security Training Redefined
    

• Securing Applications

  • The Tangled Web – A Guide to Securing Modern Web Applications
  • Secure Coding Handbook
  • Essential PHP Security
  • SQL Injection Attacks and Defense
  • PHP Security
  • Survive The Deep End: PHP Security
    
  • Securec0ding
    
  • WhitePaper: Defense against Client-Side Attacks

• Further Reading and Resources

  • High-Level Approaches for Finding Vulnerabilities
    
  • Deep dive into browser parsing and XSS payload encoding
  • OWASP Testing Guide
    
  • Beginners Guide to 0day/CVE AppSec Research
  • Secure Code Wiki
    
  • SEI CERT Coding Standards
    
  • Web Hacking 101
    
  • Writing Secure Code, 2nd Edition
    
  • awesome-web-hacking
    
  • awesome-web-security
    
  • Awesome AppSec
    
  • web-methodology
    
  • CSP useful, a collection of scripts, thoughts about CSP
    
  • websec.fr Solutions
    
  • Code-Breaking Puzzles dockerfiles && writeups
    
  • SPOT THE BUG CHALLENGE 2016 WRITE-UP
    
  • SPOT THE BUG CHALLENGE 2015 WRITE-UP
    
  • PHP Security Calendar 2017
    
  • JAVA Security Calendar 2019
    
  • Wordpress Security Calendar 2018
    
  • Browser Exploitation for Fun and Profit
    
  • The Browser Hacker’s Handbook
    
  • X41’s Browser Security White Paper (alternate link)
    
  • Cure53’s Browser Security White Paper (alternate link)
    
  • The Ugly Truth about Bug Bounty Hunting
    
  • LiveOverflow Browser Exploitation
    
  • AppSecEngineer
    
  • Hella-Secure
    
  • Bug Bounty Reports Explained
    
  • Web Application Security Roadmap
  • Cybersecurity Career Path
    

• Bonus

  • Application Security Engineer Interview Questions
    
  • Application Security Knowledgebase

The resources which i have put are those which i am using in my application security learnings, feel free to use it for your learning purpose only and if you have any suggestions dm me on Twitter

Inspired by: Road to Web Application Security by Amol Naik