Beginner Resources

Start with where you are. Talk through some of the core concepts mentioned in the overview.

  1. What is threat modeling? How is it useful? Have you worked on any threat models? Could you walk me through them? It's going to be awkward at first, but just go with it. Each person in the mentorship pair should talk through their experience with threat modeling.

  2. What do you know of the OWASP Top 10? Talk through the ones you are most comfortable with. Which ones are you not really sure about?

  3. What is SAST? What is DAST? What are they used for? What has been your experience using them?

  4. What are some of the exploit tools you have experience with? How have you used them?

| Resource | Link | Free | Type | Category |
| --- | --- | --- | --- | --- |
| The Tangled Web: A Guide to Securing Modern Web Applications | | No | Book | Web |
| The Web Application Hacker's Handbook | | No | Book | Vuln |
| Threat Modeling: Designing for Security | | No | Book | Threat Modeling |
| OWASP Juice Shop | | Yes | Lab | Vuln |
| PortSwigger (Burp Suite) Web Academy | | Yes | Lab | Vuln |
| Flaws2.cloud | | Yes | Lab | Cloud |
| OWASP Top 10 | | Yes | Document | Vuln |
| OverTheWire Bandit | | Yes | Lab | Linux |
| OWASP ASVS | | Yes | Document | SDLC |
| NIST Cybersecurity Framework | | Yes | Framework | Cyber Security |
