Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/security-prince/resources-for-application-security
Some good resources for getting started with application security
https://github.com/security-prince/resources-for-application-security
application-security appsec appsec-tutorials ctf infosec infosec-reference owasp php-security security-engineering web-hacking websec websecurity websecurity-reference
Last synced: 3 months ago
JSON representation
Some good resources for getting started with application security
- Host: GitHub
- URL: https://github.com/security-prince/resources-for-application-security
- Owner: security-prince
- Created: 2018-08-27T14:42:55.000Z (about 6 years ago)
- Default Branch: master
- Last Pushed: 2021-06-02T09:30:32.000Z (over 3 years ago)
- Last Synced: 2024-04-06T11:34:34.285Z (7 months ago)
- Topics: application-security, appsec, appsec-tutorials, ctf, infosec, infosec-reference, owasp, php-security, security-engineering, web-hacking, websec, websecurity, websecurity-reference
- Homepage:
- Size: 50.8 KB
- Stars: 123
- Watchers: 9
- Forks: 25
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-security-collection - **27**星
README
Updated post at https://ishaqmohammed.me/posts/resources-for-application-security/
# Resources for Application Security
Some good resources for getting started with application security*Note: The resources which i have put are those which i will be using in my application security learnings, feel free to use it for your learning purpose only and if you have any suggestions dm me on [Twitter](https://twitter.com/security_prince)*
* [Development](https://github.com/security-prince/Resources-for-Application-Security#1-learn-about-web-application-technologies-and-development)
* [Application Security Books and online resources](https://github.com/security-prince/Resources-for-Application-Security#2-application-security-books-and-online-resources)
* [Hands on CTF](https://github.com/security-prince/Resources-for-Application-Security#3-hands-on-ctf)
* [SAST and DAST](https://github.com/security-prince/Resources-for-Application-Security#2-application-security-books-and-online-resources)
* [Securing Applications](https://github.com/security-prince/Resources-for-Application-Security#5-securing-applications)
* [Further reading](https://github.com/security-prince/Resources-for-Application-Security#6-further-reaading)###### 1. Learn About Web Application Technologies and Development
* PHP with MySQL Essential Training by lynda
1. [PHP with MySQL Beyond The Basics](https://www.lynda.com/PHP-tutorials/PHP-MySQL-Essential-Training-1-Basics/587674-2.html)
2. [PHP with MySQL Essential Training: 2 Build a CMS](https://www.lynda.com/MySQL-tutorials/PHP-MySQL-Essential-Training-2-Build-CMS/587675-2.html)
* [PHP: Object-Oriented Programming](https://www.lynda.com/PHP-tutorials/PHP-Object-Oriented-Programming/633867-2.html)
* [
Learning PHP, MySQL & JavaScript, 4th Edition
With jQuery, CSS & HTML5](http://shop.oreilly.com/product/0636920036463.do)
* [Web technology for developers](https://developer.mozilla.org/bm/docs/Web) by [Mozilla](https://www.mozilla.org)###### 2. Application Security Books and online resources
* [Web Application Hacker handbook](https://www.amazon.in/Web-Application-Hackers-Handbook-Exploiting/dp/8126533404)
* [Mastering Modern Web Penetration Testing](https://www.packtpub.com/networking-and-servers/mastering-modern-web-penetration-testing)
* [Hacker101](https://www.hacker101.com/)
* [Application Security Wiki](https://appsecwiki.com)
* [CodePath Web Security Guides](https://guides.codepath.com/websecurity)###### 3. Hands on CTF
* [A good collection of CTFs for learning SAST and DAST](https://websec.fr/)
* [A completely open code audit challenge!](https://code-breaking.com/)
* [Securify BV spot the bug challenges](https://github.com/securifybv/spotthebug)
* [Web Security Academy](https://portswigger.net/web-security)
* [Hacker101 CTF](https://ctf.hacker101.com/)###### 4. Perform SAST and DAST
Once done reading these 2 books above, try implementing the techniques you learnt from them on this [CTF challenges](https://github.com/security-prince/Resources-for-Application-Security/blob/master/README.md#3-hands-on-ctf) and the application you developed in task 1##### 5. Securing Applications
Once we learn how to perform SAST and DAST for the application, we also need to know how to secure it, for which the below books and resource are great
* [The Tangled Web – A Guide to Securing Modern Web Applications](https://www.amazon.in/Tangled-Web-Securing-Modern-Applications/dp/1593273886)
* [Essential PHP Security](https://www.amazon.com/Essential-PHP-Security-Chris-Shiflett/dp/059600656X)
* [SQL Injection Attacks and Defense](https://www.amazon.com/SQL-Injection-Attacks-Defense-Second/dp/1597499633)
* [PHP Security](http://php.net/manual/en/security.php)
* [Survive The Deep End: PHP Security](https://phpsecurity.readthedocs.io/en/latest/)##### 6. Further reaading
* [The Browser Hacker's Handbook](https://www.amazon.in/Browser-Hackers-Handbook-Wade-Alcorn-ebook/dp/B00JV5JDM6)
* [OWASP Testing Guide v4](https://www.owasp.org/index.php/OWASP_Testing_Project)
* [Web Hacking 101](https://leanpub.com/web-hacking-101)
* [Writing Secure Code, 2nd Edition](https://www.microsoftpressstore.com/store/writing-secure-code-9780735617223)
* [awesome-web-hacking](https://github.com/infoslack/awesome-web-hacking)
* [awesome-web-security](https://github.com/qazbnm456/awesome-web-security)###### Bonus
[Application-Security-Engineer-Interview-Questions](https://github.com/security-prince/Application-Security-Engineer-Interview-Questions)#### Inspired by: [Road to Web Application Security](http://garage4hackers.com/showthread.php?t=1788) by [Amol Naik](https://twitter.com/amolnaik4)