Application Security WeeklySubscribe
Cloud Security, Application security, Security Staff Acquisition & Development, DevSecOps

The DIY AppSec Lab – ASW #185

Lots of web hacking can be done directly from the browser. Throw in a proxy like Burp plus the browser's developer tools window and you've got a nearly complete toolkit.

But nearly complete means there's still room for improvement. We'll talk about the tools to keep on hand, setting up practice targets, participating in bug bounties, and more resources to help you learn along the way.

For tips on labs beyond just appsec, be sure to check out the Security Weekly webcast on "Do It Yourself: Building a Security Lab At Home" at https://securityweekly.com/webcasts/do-it-yourself-building-a-security-lab-at-home/

Segment resources: - https://www.darkreading.com/careers-and-people/want-to-be-an-ethical-hacker-here-s-where-to-begin - https://github.com/AdminTurnedDevOps/DevOps-The-Hard-Way-AWS - https://owasp.org/www-project-juice-shop/ - https://owasp.org/www-project-vulnerable-web-applications-directory/ - https://portswigger.net/web-security - https://azeria-labs.com/writing-arm-assembly-part-1/ - https://twitter.com/0xAs1F/status/1480604655952433155

Full episode and show notes

Announcements

  • Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.

  • We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!

Hosts

Tech Lead at Block
Senior Engineering Leader at AWS

Related

Modernizing AppSec – Melinda Marks – ASW #307

In this week's interview, Melinda Marks' joins us to discuss her latest research. Her recent report Modernizing Application Security to Scale for Cloud-Native Development delves into many aspects and trends affecting AppSec as it matures, particularly in cloud-first organizations. We also discuss the fuzzy line between "cloud-native" AppSec and ev...