Getting Started with AppSec

This article has been updated from the original published version.

Below is a list of FREE resources that I used to learn about Application Security, or that I have personally created. This is not an exhaustive list, but I do hope that you find it helpful, and that you join our industry!

My first course on Microsoft Learn!!!! Top 5 security items to consider before pushing to production

My OWASP project, DevSlop, has a channel on YouTube where we teach about DevSecOps. You can watch and learn with us as we implement various DevSecOps ideas into our Pipeline.

The secure coding course that I first used to learn the OWASP Top Ten, by Sunny Wear: https://www.cybrary.it/course/secure-coding/. She’s a great teacher and following her is a worthy venture.

The OWASP Cheat Sheets Series (all the AppSec Secrets). If you ever can’t find something specific, search for “OWASP Cheatsheet” + what you’re trying to do; there usually is one. This project was started by someone named Jim Manico, and I also recommend following him.

OWASP Dependency Check — check if your code libraries, includes and other components are no longer supported or known to be vulnerable. Created by Jeremy Long.

OWASP Zed Attack Proxy, AKA “Zap” — FREE web proxy/web app vulnerability scanner, good for beginners or pros. Learning how to scan your own apps is a FANTASTIC way to learn about security. Just make sure you do it safely and read the instructions. :)

Read my blog article with suggestions on “Getting into Security”.

I also shamelessly suggest that you read my blog, and follow me on Twitter.

Thanks for reading!

Tanya