Beginner Resources
Start with where you are. Talk through some of the core concepts mentioned in the overview.
What is threat modeling? How is it useful? Have you worked on any threat models? Could you walk me through them? It's going to be awkward at first, but just go with it. Each person in the mentorship pair should talk through their experience threat modeling.
What do you know of the OWASP Top 10? Talk through the ones you are most comfortable with. Which ones are you not really sure about?
What is SAST? What is DAST? What are they used for? What has been your experience using them?
What are some of the exploit tools you have experience with? How have you used them?
| Resource | Link | Free | Type | Category |
| --- | --- | --- | --- | --- |
| The Tangled Web: A Guide to Securing Modern Web Applications | | No | Book | Web |
| The Web Application Hacker's Handbook | | No | Book | Vuln |
| Threat Modeling: Designing for Security | | No | Book | Threat Modeling |
| OWASP Juice Shop | | Yes | Lab | Vuln |
| PortSwigger (Burp Suite) Web Academy | | Yes | Lab | Vuln |
| Flaws2.cloud | | Yes | Lab | Cloud |
| OWASP Top 10 | | Yes | Document | Vuln |
| OverTheWire Bandit | | Yes | Lab | Linux |
| OWASP ASVS | | Yes | Document | SDLC |
| NIST Cybersecurity Framework | | Yes | Framework | Cyber Security |