Updated post at https://ishaqmohammed.me/posts/resources-for-application-security/
Resources for Application Security
Some good resources for getting started with application security
Note: The resources which i have put are those which i will be using in my application security learnings, feel free to use it for your learning purpose only and if you have any suggestions dm me on Twitter
- Development
- Application Security Books and online resources
- Hands on CTF
- SAST and DAST
- Securing Applications
- Further reading
1. Learn About Web Application Technologies and Development
- PHP with MySQL Essential Training by lynda
- PHP: Object-Oriented Programming
- Learning PHP, MySQL & JavaScript, 4th Edition With jQuery, CSS & HTML5
- Web technology for developers by Mozilla
2. Application Security Books and online resources
- Web Application Hacker handbook
- Mastering Modern Web Penetration Testing
- Hacker101
- Application Security Wiki
- CodePath Web Security Guides
3. Hands on CTF
- A good collection of CTFs for learning SAST and DAST
- A completely open code audit challenge!
- Securify BV spot the bug challenges
- Web Security Academy
- Hacker101 CTF
4. Perform SAST and DAST
Once done reading these 2 books above, try implementing the techniques you learnt from them on this CTF challenges and the application you developed in task 1
5. Securing Applications
Once we learn how to perform SAST and DAST for the application, we also need to know how to secure it, for which the below books and resource are great
- The Tangled Web – A Guide to Securing Modern Web Applications
- Essential PHP Security
- SQL Injection Attacks and Defense
- PHP Security
- Survive The Deep End: PHP Security
6. Further reaading
- The Browser Hacker's Handbook
- OWASP Testing Guide v4
- Web Hacking 101
- Writing Secure Code, 2nd Edition
- awesome-web-hacking
- awesome-web-security
Bonus
Application-Security-Engineer-Interview-Questions