This article has been updated, again. The original published version is here, version 2 is here.
Below is a list of FREE resources that I used to learn about Application Security, that I recommend highly or that I have personally created. This is not an exhaustive list, but I do hope that you find it helpful, and that you join our industry! Seriously, we need you. :-D
- My blog series, "Pushing Left, Like a Boss", an extensive introduction and explanation of AppSec.
- My SheHacksPurple YouTube channel, many videos about all different aspects of security.
- My "TanyaTalksTech" YouTube playlist, a list of all of my publicly released talks.
- My first course on Microsoft Learn!!!! Top 5 security items to consider before pushing to production
- My OWASP project, DevSlop, has a channel on YouTube where we teach about DevSecOps. You can watch and learn with us as we implement various DevSecOps ideas into our Pipeline.
- The OWASP Cheat Sheets Series (all the AppSec Secrets). If you ever can't find something specific, search for "OWASP Cheatsheet" + what you're trying to do; there usually is one. This project was started by someone named Jim Manico and is led by Dominique Righetto, and I also recommend following both of them.
- OWASP Dependency Check - check if your code libraries, includes and other components are no longer supported or known to be vulnerable. Created by Jeremy Long.
- OWASP Zed Attack Proxy, AKA "Zap" - FREE web proxy/web app vulnerability scanner, good for beginners or pros. Learning how to scan your own apps is a FANTASTIC way to learn about security. Just make sure you do it safely; read the instructions. :)
- A series of many resources by Bram Patelski: https://github.com/brampat/security
- Read my blog article with suggestions on "Getting into Security".
- Check out "Some Useful Application Security Resources", by John Opdenakker
I also shamelessly suggest that you read my blog, subscribe to watch my streaming on Twitch, Mixer and YouTube, and follow me on Twitter.
Another thing: follow my friend Francesco Cipollone on Twitter, he's All AppSec, All The Time. He's also a huge part of #CyberMentoringMonday and the InfoSec community!