Keeping up to date with security risks and best practices is necessary to keep applications secure.
At GDS we regularly run security workshops; this blog post has more information.
Contains information about the ten most critical web application security risks, with suggested steps on how to prevent them.
Capture the flag challenges
These are safe and legal environments built to allow users to learn and practice “hacking” skills through a series of challenges.
- Stripe capture the flag - A global penetration testing game run by Stripe in 2012, which illustrated different approaches to cracking a site.
- Google’s Gruyere codelab
- alert(1) to win - A really good challenge for understanding XSS and injection attacks
A set of 48 exercises which you can solve in any language to learn about cryptography.
We used this vulnerable Rails app in some of our previous security workshops at GDS.
- The Tangled Web: A Guide to Securing Modern Web Applications - Good guide to browser security concerns. See also the earlier Google Browser Security Handbook upon which it is built.
- Security Engineering: A Guide to Building Dependable Distributed Systems
- Writing Secure Code
- Agile Application Security: Enabling Security in a Continuous Delivery Pipeline
- Web Application Security, A Beginner’s Guide
- Threat Modeling: Designing for Security