This article has been updated, yet again. This is version 4.
Below is a list of FREE resources that I used to learn about Application Security, that I recommend highly or that I have personally created. This is not an exhaustive list, but I do hope that you find it helpful, and that you join our industry! Seriously, we need you. :-D
- My website has a lot of free content, SheHacksPurple.dev
- My blog series, "Pushing Left, Like a Boss", an extensive introduction and explanation of AppSec.
- My SheHacksPurple YouTube channel, many videos about all different aspects of security.
- My "TanyaTalksTech" YouTube playlist, a list of all of my publicly released talks.
- My free Microsoft Learn course, "Top 5 security items to consider before pushing to production".
- My OWASP project, DevSlop, has a channel on YouTube where we teach about DevSecOps. You can watch and learn with us as we implement various DevSecOps ideas into our Pipeline.
- The OWASP Cheat Sheets Series (all the AppSec Secrets). If you ever can't find something specific, search for "OWASP Cheatsheet" + what you're trying to do; there usually is one. This project was started by someone named Jim Manico and is led by Dominique Righetto, and I also recommend following both of them.
- OWASP Dependency Check - check if your code libraries, includes and other components are no longer supported or known to be vulnerable. Created by Jeremy Long.
- OWASP Zed Attack Proxy, AKA "ZAP" - FREE web proxy/web app vulnerability scanner, good for beginners or pros. Learning how to scan your own apps is a FANTASTIC way to learn about security. Just make sure you do it safely, and read the instructions. :)
- A series of many resources by Bram Patelski: https://github.com/brampat/security
- Read my blog article with suggestions on "Getting into Security".
- Check out "Some Useful Application Security Resources", by John Opdenakker