I prefer to learn by reading books and I've been recommended:
The Web Application Hacker's Handbook (WAHH). They say this is widely considered the Bible of penetration testing for web apps. Web Security Academy (WSA) has been mentioned in the comments. WSA is an interactive version of the WAHH book.
The one book that everybody recommends is The Tangled Web. Matasano gave this book to their candidates. According to Thomas Ptacek, "it's probably the best all-around browser security book, but it's not the best application security book, since it spends much more time on browsers and browser technology than it does on the server-side issues (like SQL databases and authorization systems) that dominate web appsec."
Disclaimer: I'm not a web app security expert. Just a software engineer learning the fundamentals of web appsec.
First of all, thank you for the post.
I prefer to learn by reading books and I've been recommended:
Disclaimer: I'm not a web app security expert. Just a software engineer learning the fundamentals of web appsec.
Thanks!