- 📚 Methodologies.
- 💻 Useful command lines.
- 📑 Technical quick hints often used.
- 📖 Technical hints about specific topics with detailed explanation.
- 📦 Technical hints rarely used or covering aspects seen a single one time.
- 🐳 Technical hints about container.
- 🔬 Technical hints about code review.
👨🎓 For SANS training, I only trust specified instructors.
💡 Additional online tool to create a mindmap from markdown code: https://markdown-map.com/
👨🎓I leverage:
- AppSecEngineer to learn new concepts related to AppSec regarding thread modeling, cloud, containers and Kubernetes domains.
- PentesterLab to learn:
- New and existing classes of web-based vulnerabilities as well as how to prevent/fix them.
- How to perform effective secure code review against differents langages.
- Portswigger to learn new concepts related to AppSec regarding web domains. This include also learning of using Burp at the most effective way.
mindmap
root((🤝Trusted providers))
🌏Web security
📖Methodology
portswigger.net/web-security
SANS SEC542 Web App Penetration Testing with Bojan Zdrnja
📚Common attacks and techniques
pentesterlab.com
💡New concepts and techniques and attacks
portswigger.net/web-security
🔐OpenID and OAuth2 concepts and related security pitfalls
pragmaticwebsecurity.com
📝Single Page Application security
pragmaticwebsecurity.com
🔬Secure code review
📖Methodology
pentesterlab.com
💡Language specific security pitfalls
pentesterlab.com
🚀Cloud security
📚Common attacks and techniques
learning.appsecengineer.com
SANS SEC588 Cloud Penetration Testing with Moses Frost
📦Container and Kubernetes security
📚Common attacks and techniques
learning.appsecengineer.com
😈Threat modeling
📖Methodology
learning.appsecengineer.com
📢Conferences
💻Development
luxembourg.voxxeddays.com
🏹Security
secappdev.org
📒Magazines
💻Development
www.programmez.com
🏹Security
connect.ed-diamond.com/misc