Absolute(ly) Awesome AppSec

Resources that we have found useful during our Application Security Careers

The following resources could also be described as Absolute AppSec’s Awesome Application Security list. Either way, these are all resources that have been helpful to us over the years.

Newsletters

• tl;dr sec - Clint Gibler’s weekly newsletter covering a range of topics, from application security to red team, cloud security, upcoming conferences, and miscellaneous topics that are security related. tl;dr sec
• Unsupervised Learning - Daniel Miesser spends 20+ hours each week consuming content and summarizes articles on security, technology, and other topics. Signup Link

Threat Modeling

• Redefining Threat Modeling - Jeevan Singh from Segment blogs his experience of building a self-serve Threat Modeling program for software engineers.

Training

• Portswigger’s offerings
  • Web Academy + Learning Path + Burp Suite
• TryHackMe
  • TryHackMe - Cyber Security Training

Bug Bounties

• JHaddix’s Bug Hunter’s Methodology v4.01

Tools

Familiarize yourself with tools like project discovery’s nuclei vulnerability scanner

Dynamic Scanning Tools

• OWASP’s Amass tool: Amass Github Link
  • Absolute AppSec Amass Demo

Proxies

• Portswigger Burp Suite: Burp Suite Portswigger Link
  • Absolute AppSec Burp Suite Demo

Fuzzing Tools

• Radamsa: radamsa Github
  • Absolute AppSec Demo

Static Analysis

• Brakeman: brakemanscanner.org
  • Ruby on Rails
• Puma Scan: pumascan.com
  • .NET/C#
• Semgrep: semgrep.dev

News

• Lobst.rs Security
• Reddit Netsec
• Git-N-formed discord
• Portswigger Daily Swig
• Dark Reading

Conferences and IRL

• Security BSides
  • Low or no cost conferences offered at regional BSides events are a good way to meet infosec people, practice skills in CTF events
• OWASP - Look for your local OWASP group here: OWASP Chapters