Below is a list of FREE resources that I used to learn about Application Security, that I recommend highly or that I have personally created. This is not an exhaustive list, but I do hope that you find it helpful, and that you join our industry! Seriously, we need you. :-D
- My blog series, "Pushing Left, Like a Boss", an extensive introduction and explanation of AppSec.
- My SheHacksPurple YouTube channel, many videos about all different aspects of security.
- My "TanyaTalksTech" YouTube playlist, a list of all of my publicly released talks.
- My first course on Microsoft Learn!!!! Top 5 security items to consider before pushing to production
- My OWASP project, DevSlop, has a channel on YouTube where we teach about DevSecOps. You can watch and learn with us as we implement various DevSecOps ideas into our Pipeline.
- The OWASP Cheat Sheets Series (all the AppSec Secrets). If you ever can't find something specific, search for "OWASP Cheatsheet" + what you're trying to do, there usually is one. This project was started by someone named Jim Manico and is lead by Dominique Righetto, and I also recommend following both of them.
- OWASP Dependancy Check - check if your code libraries, includes and other components are no longer supported or known to be vulnerable. Created by Jeremy Long.
- OWASP Zed Attack Proxy, AKA "Zap" - FREE web proxy/web app vulnerability scanner, good for beginners or pros. Learning how to scan your own apps is a FANTASTIC way to learn about security. Just make sure you do it safely, read the instructions. :)
- A series of many resources by Bram Patelski: https://github.com/brampat/security
- Read my blog article with suggestions on "Getting into Security".
- Check out "Some Useful Application Security Resources", by John Opdenakker
I also shamelessly suggest that you read my blog, subscribe to watch my streaming on Twitch, Mixer and YouTube, and follow me on Twitter.
Another thing: follow my friend Francesco Cipollone on Twitter, he's All AppSec, All The Time. He's also a huge part of #CyberMentoringMonday and the InfoSec community!
Any language. Any platform.