# Beginner Resources

Start with where you are.  Talk through some of the core concepts mentioned in the overview.

1. What is threat modeling?  How is it useful?  Have you worked on any threat models?  Could you walk me through them?  *It's going to be awkward at first but just go with it.  Each person in the mentorship pair should talk through their experience threat modeling.*
2. What do you know of the OWASP Top 10?  Talk through the ones you are most comfortable with.  Which ones are you not really sure about?
3. What is SAST?  What is DAST?  What are they used for?  What has been your experience using them?
4. What are some of the exploit tools you have experience with?  How have you used them?

| Resource                                                     | Link                                                                                                                                                                                                                                                                                                                                         | Free | Type      | Category        |
| ------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---- | --------- | --------------- |
| The Tangled Web: A Guide to Securing Modern Web Applications | [Amazon](https://www.amazon.com/Tangled-Web-Securing-Modern-Applications/dp/1593273886) \| [Safari](https://learning.oreilly.com/library/view/the-tangled-web/9781593273880/)                                                                                                                                                                | No   | Book      | Web             |
| The Web Application Hacker's Handbook                        | [Amazon](https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470/ref=pd_lpo_sbs_14_t_0?_encoding=UTF8\&psc=1\&refRID=KRN7GGFAGX6H1FTFE9WG) \| [Safari](https://learning.oreilly.com/library/view/the-web-application/9781118026472/)                                                                                | No   | Book      | Vuln            |
| Threat Modeling: Designing for Security                      | [Amazon](https://www.amazon.com/Threat-Modeling-Designing-Adam-Shostack/dp/1118809998/ref=sr_1_1?crid=2O5L2HFEH4RM\&keywords=threat+modeling+designing+for+security\&qid=1563594803\&s=books\&sprefix=threat+mod%2Cstripbooks%2C198\&sr=1-1) \| [Safari](https://learning.oreilly.com/library/view/threat-modeling-designing/9781118810057/) | No   | Book      | Threat Modeling |
| OWASP Juice Shop                                             | [github](https://github.com/bkimminich/juice-shop)                                                                                                                                                                                                                                                                                           | Yes  | Lab       | Vuln            |
| Portswigger (Burpsuite) Web Academy                          | [website](https://portswigger.net/web-security)                                                                                                                                                                                                                                                                                              | Yes  | Lab       | Vuln            |
| Flaws2.cloud                                                 | [website](https://flaws2.cloud)                                                                                                                                                                                                                                                                                                              | Yes  | Lab       | Cloud           |
| OWASP Top 10                                                 | [wiki](https://www.owasp.org/index.php/Category:OWASP_Top_Ten_2017_Project)                                                                                                                                                                                                                                                                  | Yes  | Document  | Vuln            |
| overthewire Bandit                                           | [website](http://overthewire.org/wargames/bandit/)                                                                                                                                                                                                                                                                                           | Yes  | Lab       | Linux           |
| OWASP ASVS                                                   | [website](https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project)                                                                                                                                                                                                                                 | Yes  | Document  | SLDC            |
| NIST Cybersecurity Framework                                 | [website](https://www.nist.gov/cyberframework)                                                                                                                                                                                                                                                                                               | Yes  | Framework | Cyber Security  |