Beginner Resources

Start with where you are. Talk through some of the core concepts mentioned in the overview.

1. What is threat modeling? How is it useful? Have you worked on any threat models? Could you walk me through them? It's going to be awkward at first but just go with it. Each person in the mentorship pair should talk through their experience threat modeling.

2. What do you know of the OWASP Top 10? Talk through the ones you are most comfortable with. Which ones are you not really sure about.

3. What is SAST? What is DAST? What are they used for? What has been your experience using them?

4. What are some of the exploit tools you have experience with? How have you used them?

Resource	Link	Free	Type	Category
The Tangled Web: A Guide to Securing Modern Web Applications	Amazon | Safari	No	Book	Web
The Web Application Hacker's Handbook	Amazon | Safari	No	Book	Vuln
Threat Modeling: Designing for Security	Amazon | Safari	No	Book	Threat Modeling
OWASP Juice Shop	github	Yes	Lab	Vuln
Portswigger (Burpsuite) Web Academy	website	Yes	Lab	Vuln
Flaws2.cloud	website	Yes	Lab	Cloud
OWASP Top 10	wiki	Yes	Document	Vuln
overthewire Bandit	website	Yes	Lab	Linux
OWASP ASVS	website	Yes	Document	SLDC
NIST Cybersecurity Framework	website	Yes	Framework	Cyber Security