Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/duo-labs/appsec-education

Presentations, training modules, and other education materials from Duo Security's Application Security team.
https://github.com/duo-labs/appsec-education

appsec education training-materials

Last synced: about 1 month ago
JSON representation

Presentations, training modules, and other education materials from Duo Security's Application Security team.

Host: GitHub
URL: https://github.com/duo-labs/appsec-education
Owner: duo-labs
License: bsd-3-clause
Created: 2019-10-22T16:40:08.000Z (about 5 years ago)
Default Branch: master
Last Pushed: 2021-07-15T21:51:24.000Z (over 3 years ago)
Last Synced: 2024-11-02T17:36:15.313Z (about 1 month ago)
Topics: appsec, education, training-materials
Language: JavaScript
Homepage:
Size: 83.6 MB
Stars: 71
Watchers: 9
Forks: 15
Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-devsecops - Application Security Education - _Duo Security_ - Training materials created by the Duo application security team, including introductory and advanced training presentations and hands-on labs. (Resources / Training)
awesome-devsecops - Application Security Education - _Duo Security_ - Training materials created by the Duo application security team, including introductory and advanced training presentations and hands-on labs. (Resources / Training)

README

# Duo Security - Application Security Education

This repository contains resources provided by the [Duo Security](https://duo.com) Application security team.

Find out more about Duo Security's efforts to democratize security for all in this blog post: [https://duo.com/blog/improving-application-security-education-through-community](https://duo.com/blog/improving-application-security-education-through-community).

## Training Decks

In this directory you'll find PDF and PowerPoint versions of two internal presentations developed and presented by our Application Security team:

- Introduction to Application Security
- Advanced Application Security

Each of these presentations include content covering a wide range of application security topics, common vulnerabilities and remediation recommendations.

## Hunter2 Labs

As a part of this public release of our content, we've also included the code and content for our custom Hunter2 labs. [Hunter2](https://hunter2.com) is a platform specifically designed to help users gain application security knowledge through hands-on labs, identifying issues and fixing vulnerabilities.

Current labs cover:

- HTTP Header Injection
- JSON Injection
- Flaws in JWTs
- Mass Assignment
- Type juggling issues (Power of None)
- Replay Attacks

Each lesson directory contains a `content/` subdirectory containing Markdown files for the lesson content and a `code/` directory containing the related vulnerable application.

These lessons have been made available on the Hunter2 platform a part of a collaboration between the Hunter2 service and Duo Security. More information about it can be found on the Hunter2 site: [https://hunter2.com/community](https://hunter2.com/community)