Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/security-prince/resources-for-application-security


application-security appsec appsec-tutorials ctf infosec infosec-reference owasp php-security security-engineering web-hacking websec websecurity websecurity-reference

Last synced: 3 months ago

Updated post at https://ishaqmohammed.me/posts/resources-for-application-security/

# Resources for Application Security
Some good resources for getting started with application security

*Note: The resources I have put here are those I will be using in my own application security learning. Feel free to use them for your learning purposes only, and if you have any suggestions, DM me on [Twitter](https://twitter.com/security_prince).*

* [Development](https://github.com/security-prince/Resources-for-Application-Security#1-learn-about-web-application-technologies-and-development)
* [Application Security Books and online resources](https://github.com/security-prince/Resources-for-Application-Security#2-application-security-books-and-online-resources)
* [Hands on CTF](https://github.com/security-prince/Resources-for-Application-Security#3-hands-on-ctf)
* [SAST and DAST](https://github.com/security-prince/Resources-for-Application-Security#4-perform-sast-and-dast)
* [Securing Applications](https://github.com/security-prince/Resources-for-Application-Security#5-securing-applications)
* [Further reading](https://github.com/security-prince/Resources-for-Application-Security#6-further-reading)

###### 1. Learn About Web Application Technologies and Development
* PHP with MySQL Essential Training by Lynda
1. [PHP with MySQL Beyond The Basics](https://www.lynda.com/PHP-tutorials/PHP-MySQL-Essential-Training-1-Basics/587674-2.html)
2. [PHP with MySQL Essential Training: 2 Build a CMS](https://www.lynda.com/MySQL-tutorials/PHP-MySQL-Essential-Training-2-Build-CMS/587675-2.html)
* [PHP: Object-Oriented Programming](https://www.lynda.com/PHP-tutorials/PHP-Object-Oriented-Programming/633867-2.html)
* [Learning PHP, MySQL & JavaScript, 4th Edition: With jQuery, CSS & HTML5](http://shop.oreilly.com/product/0636920036463.do)
* [Web technology for developers](https://developer.mozilla.org/bm/docs/Web) by [Mozilla](https://www.mozilla.org)

###### 2. Application Security Books and online resources
* [Web Application Hacker handbook](https://www.amazon.in/Web-Application-Hackers-Handbook-Exploiting/dp/8126533404)
* [Mastering Modern Web Penetration Testing](https://www.packtpub.com/networking-and-servers/mastering-modern-web-penetration-testing)
* [Hacker101](https://www.hacker101.com/)
* [Application Security Wiki](https://appsecwiki.com)
* [CodePath Web Security Guides](https://guides.codepath.com/websecurity)

###### 3. Hands on CTF
* [A good collection of CTFs for learning SAST and DAST](https://websec.fr/)
* [A completely open code audit challenge!](https://code-breaking.com/)
* [Securify BV spot the bug challenges](https://github.com/securifybv/spotthebug)
* [Web Security Academy](https://portswigger.net/web-security)
* [Hacker101 CTF](https://ctf.hacker101.com/)

###### 4. Perform SAST and DAST
Once you have read the two books above, try applying the techniques you learnt from them to these [CTF challenges](https://github.com/security-prince/Resources-for-Application-Security/blob/master/README.md#3-hands-on-ctf) and to the application you developed in step 1.

###### 5. Securing Applications
Once we have learnt how to perform SAST and DAST on an application, we also need to know how to secure it. The books and resources below are great for that:
* [The Tangled Web – A Guide to Securing Modern Web Applications](https://www.amazon.in/Tangled-Web-Securing-Modern-Applications/dp/1593273886)
* [Essential PHP Security](https://www.amazon.com/Essential-PHP-Security-Chris-Shiflett/dp/059600656X)
* [SQL Injection Attacks and Defense](https://www.amazon.com/SQL-Injection-Attacks-Defense-Second/dp/1597499633)
* [PHP Security](http://php.net/manual/en/security.php)
* [Survive The Deep End: PHP Security](https://phpsecurity.readthedocs.io/en/latest/)

###### 6. Further reading
* [The Browser Hacker's Handbook](https://www.amazon.in/Browser-Hackers-Handbook-Wade-Alcorn-ebook/dp/B00JV5JDM6)
* [OWASP Testing Guide v4](https://www.owasp.org/index.php/OWASP_Testing_Project)
* [Web Hacking 101](https://leanpub.com/web-hacking-101)
* [Writing Secure Code, 2nd Edition](https://www.microsoftpressstore.com/store/writing-secure-code-9780735617223)
* [awesome-web-hacking](https://github.com/infoslack/awesome-web-hacking)
* [awesome-web-security](https://github.com/qazbnm456/awesome-web-security)

###### Bonus
[Application-Security-Engineer-Interview-Questions](https://github.com/security-prince/Application-Security-Engineer-Interview-Questions)

#### Inspired by: [Road to Web Application Security](http://garage4hackers.com/showthread.php?t=1788) by [Amol Naik](https://twitter.com/amolnaik4)