Resources

Current known list of resources

1. Training:

• https://application.security/free/owasp-top-10-API

• https://free.codebashing.com/

• https://github.com/ManicodeSecurity

• https://owasp.org/SecureCodingDojo/codereview101/

• https://wiki.owasp.org/index.php/

• https://portswigger.net/web-security

• https://www.shiftleft.io/learn/

• https://www.hacksplaining.com/exercises/

• https://ethernaut.openzeppelin.com/

2. Documentation:

• https://checkmarx.gitbooks.io/js-scp/content

• https://about.gitlab.com/handbook/engineering/security/secure-coding-training.html

• https://owasp.org/www-project-secure-coding-dojo/

• https://github.com/nxvl/secure-coding-with-python

• https://github.com/OWASP/Go-SCP

• https://owasp.org/www-community/attacks/

• https://owasp.org/www-community/controls/Static_Code_Analysis

• https://code.google.com/archive/p/browsersec/

• https://nostarch.com/websecurity

• https://github.com/lirantal/awesome-nodejs-security

• https://owasp.org/www-pdf-archive/OWASP_Code_Review_Guide_v2.pdf

• Web Application Security: Exploitation and Countermeasures for Modern Web Applications[Andrew Hoffman]

• Web Security for Developers: Real Threats, Practical Defense [Malcolm McDonald]

• https://seclab.stanford.edu/websec/

• https://www.offensive-security.com/offsec/white-box-web-application-pentesting/

• https://github.com/paragonie/awesome-appsec

3. Tools and miscellaneous:

• https://brakemanscanner.org/

• https://pyre-check.org/

• https://owasp.org/www-community/Source_Code_Analysis_Tools

• https://www.nist.gov/itl/ssd/software-quality-group/source-code-security-analyzers

• https://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis