Updated post at https://ishaqmohammed.me/posts/resources-for-application-security/
Some good resources for getting started with application security
Note: The resources which I have put here are those which I will be using in my application security learning. Feel free to use them for your learning purposes only, and if you have any suggestions, DM me on Twitter.
- Development
- Application Security Books and online resources
- Hands on CTF
- SAST and DAST
- Securing Applications
- Further reading
- PHP with MySQL Essential Training by Lynda
- PHP: Object-Oriented Programming
- Learning PHP, MySQL & JavaScript, 4th Edition With jQuery, CSS & HTML5
- Web technology for developers by Mozilla
- The Web Application Hacker's Handbook
- Mastering Modern Web Penetration Testing
- Hacker101
- Application Security Wiki
- CodePath Web Security Guides
- A good collection of CTFs for learning SAST and DAST
- A completely open code audit challenge!
- Securify BV spot the bug challenges
- Web Security Academy
- Hacker101 CTF
Once done reading the 2 books above, try implementing the techniques you learnt from them on these CTF challenges and on the application you developed in task 1.
Once we learn how to perform SAST and DAST for the application, we also need to know how to secure it, for which the below books and resources are great:
- The Tangled Web – A Guide to Securing Modern Web Applications
- Essential PHP Security
- SQL Injection Attacks and Defense
- PHP Security
- Survive The Deep End: PHP Security
- The Browser Hacker's Handbook
- OWASP Testing Guide v4
- Web Hacking 101
- Writing Secure Code, 2nd Edition
- awesome-web-hacking
- awesome-web-security
Application-Security-Engineer-Interview-Questions