A curated list of resources for learning about application security

J00ker/awesome-appsec

Awesome AppSec

A curated list of resources for learning about application security.

Maintained by Paragon Initiative Enterprises with contributions from the application security and developer communities.

Contributing

Please refer to the contributing guide for details.

The Awesome Application Security Reading List

General

Articles

Released: February 25, 2014

Advice on cryptographically secure pseudo-random number generators.

Released: August 6, 2014

A post on Crackstation, a project by Defuse Security

Released: May 3, 2014

Mentions many ways to make /dev/urandom fail on Linux/BSD.

Books

Released: September 27, 2011

Great introduction to web application security, though slightly dated.

Released: March 15, 2010

Develops a sense of professional paranoia while presenting crypto design techniques.

Classes

A vulnerability research and exploit development class by Owen Redwood of Florida State University.

Be sure to check out the lectures!

Websites

Learn about application security by attempting to hack this website.

Where hackers and security experts come to train.

Self-assessment quiz for web application security

Secure passwords in several languages/frameworks.

A list of security news sources.

Video courses on low-level x86 programming, hacking, and forensics.

Blogs

Showcasing bad cryptography

Wiki pages

The top ten most common and critical security vulnerabilities found in web applications.

PHP

Articles

Released: November 28, 2014

A gentle introduction to timing attacks in PHP applications

Released: April 21, 2015

Discusses password policies, password storage, "remember me" cookies, and account recovery.

Released: April 22, 2013

Pádraic Brady's advice on building software that isn't vulnerable to XSS

Released: November 23, 2011

Though this article is a few years old, much of its advice is still relevant as we veer around the corner towards PHP 7.

Released: June 16, 2014

@timoh6 explains implementing data encryption in PHP

Books and ebooks

Securing PHP: Core Concepts acts as a guide to some of the most common security terms and provides some examples of them in everyday PHP.

Useful libraries

Symmetric-key encryption library for PHP applications. (Recommended over rolling your own!)

If you're using PHP 5.3.7+ or 5.4, use this to hash passwords

Useful for generating random strings or numbers

A secure OAuth2 server implementation

Websites

websec.io is dedicated to educating developers about security with topics relating to general security fundamentals, emerging technologies and PHP-specific information

Blogs

The blog of our technology and security consulting firm based in Orlando, FL

A blog about PHP, Security, Performance and general web application development.

Pádraic Brady is a Zend Framework security expert

Mailing lists

A weekly newsletter about PHP, security, and the community.
