wstg
awesome-appsec
wstg | awesome-appsec | |
---|---|---|
27 | 6 | |
6,769 | 6,126 | |
2.6% | 1.1% | |
7.6 | 0.0 | |
14 days ago | 9 months ago | |
Dockerfile | PHP | |
Creative Commons Attribution Share Alike 4.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
wstg
-
Where do you focus your time and energy?
At the beginning, I read all things in here https://owasp.org/www-project-web-security-testing-guide/, also gets familiars with owasp top 10. But later on, I focus on a few techniques only.
-
XSS
I highly recommend PortSwigger's Web Security Academy and have a look at the OWASP Web Security Testing Guide.
- Como identificar vulnerabilidades no código fonte?
- Internal pentesting course
-
I need some Help
You can follow OWASP web testing guide to learn about the test cases performed during testing.
-
Ask HN: Fallback remote job options for an experienced developer in the U.S.?
Most web app testing is performed using this guide https://owasp.org/www-project-web-security-testing-guide/
- Which security strategies can you recommend?
-
Pentest on web app priority
I highly recommend the OWASP Testing Guide: https://owasp.org/www-project-web-security-testing-guide/
-
Web App Pentesting Career
Hi, sit and learn https://owasp.org/www-project-web-security-testing-guide/ that's the best way, than may be EJPT.
-
Git branching for small teams
A short-lived branch-per-issue helps ensure that its resulting pull request doesn’t get too large, making it unwieldy and hard to review carefully. The definition of “short” varies depending on the team or project’s development velocity: for a small team producing a commercial app (like a startup), the time from issue branch creation to PR probably won’t exceed a week. For open source projects like the OWASP WSTG that depends on volunteers working around busy schedules, branches may live for a few weeks to a few months, depending on the contributor. Generally, strive to iterate in as little time as possible.
awesome-appsec
-
Aside from OWASP, are there other relevant certs to get for App Sec?
For resources : https://github.com/paragonie/awesome-appsec
-
Cybersecurity Repositories
AppSec
-
Resources to learn secure coding? App Sec and Web Sec?
Here is a repo of some resources. You are going to need to learn to walk before you run so that at a concrete level you can articulate what secure vs insecure code is and why it matters, then dive into appsec. No disrespect intended but from the way this is written my suggestion would be to focus on computer science foundational concepts as well as spending significant time writing and reading code. This will likely be a several year journey if you are a total beginner but the best time to start is now :)
- Information and learning resources for cryptography newcomers
-
Anyone in AppSec (Application Security)?
Come over to /r/devsecops to get more information about the field. Also, there are lots of good sources, you can get some from my blog, or Awesome AppSec, or Security Prince and other places.
- I'm preparing for the interview and I've curated a list of resources that might be helpful for you also.
What are some alternatives?
OWASP-Testing-Checklist - OWASP based Web Application Security Testing Checklist is an Excel based checklist which helps you to track the status of completed and pending test cases.
API-Security-Checklist - Checklist of the most important security countermeasures when designing, testing, and releasing your API
owasp-masvs - The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.
UnSAFE_Bank - Vulnerable Banking Suite
see awesome-security - A collection of awesome software, libraries, documents, books, resources and cools stuffs about security.
PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
labs - This is a collection of tutorials for learning how to use Docker with various tools. Contributions welcome.
bugbounty-cheatsheet - A list of interesting payloads, tips and tricks for bug bounty hunters.
SecureCodingDojo - The Secure Coding Dojo is a platform for delivering secure coding knowledge.
Damn-Vulnerable-Bank - Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills.
Security_Engineer_Interview_Questions - Every Security Engineer Interview Question From Glassdoor.com