Beginner Resources
Start with where you are. Talk through some of the core concepts mentioned in the overview.
  1. What is threat modeling? How is it useful? Have you worked on any threat models? Could you walk me through them? It's going to be awkward at first but just go with it. Each person in the mentorship pair should talk through their experience threat modeling.
  2. What do you know of the OWASP Top 10? Talk through the ones you are most comfortable with. Which ones are you not really sure about?
  3. What is SAST? What is DAST? What are they used for? What has been your experience using them?
  4. What are some of the exploit tools you have experience with? How have you used them?

| Resource | Link | Free | Type | Category |
| --- | --- | --- | --- | --- |
| The Tangled Web: A Guide to Securing Modern Web Applications | Amazon \| Safari | No | Book | Web |
| The Web Application Hacker's Handbook | Amazon \| Safari | No | Book | Vuln |
| Threat Modeling: Designing for Security | Amazon \| Safari | No | Book | Threat Modeling |
| OWASP Juice Shop | github | Yes | Lab | Vuln |
| Portswigger (Burpsuite) Web Academy | website | Yes | Lab | Vuln |
| Flaws2.cloud | website | Yes | Lab | Cloud |
| OWASP Top 10 | wiki | Yes | Document | Vuln |
| overthewire Bandit | website | Yes | Lab | Linux |
| OWASP ASVS | website | Yes | Document | SDLC |
| NIST Cybersecurity Framework | website | Yes | Framework | Cyber Security |