Security Weekly
Application Security WeeklySubscribe
Application security, Cloud Security, DevSecOps, Security Staff Acquisition & Development

The DIY AppSec Lab – ASW #185

Lots of web hacking can be done directly from the browser. Throw in a proxy like Burp plus the browser's developer tools window and you've got a nearly complete toolkit.

But nearly complete means there's still room for improvement. We'll talk about the tools to keep on hand, setting up practice targets, participating in bug bounties, and more resources to help you learn along the way.

For tips on labs beyond just appsec, be sure to check out the Security Weekly webcast on "Do It Yourself: Building a Security Lab At Home" at https://securityweekly.com/webcasts/do-it-yourself-building-a-security-lab-at-home/

Segment resources:

- https://www.darkreading.com/careers-and-people/want-to-be-an-ethical-hacker-here-s-where-to-begin

- https://github.com/AdminTurnedDevOps/DevOps-The-Hard-Way-AWS

- https://owasp.org/www-project-juice-shop/

- https://owasp.org/www-project-vulnerable-web-applications-directory/

- https://portswigger.net/web-security

- https://azeria-labs.com/writing-arm-assembly-part-1/

- https://twitter.com/0xAs1F/status/1480604655952433155

Full episode and show notes

Announcements

  • We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!

  • Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.

Hosts

Mike Shema
Mike Shema
Tech Lead at Block
John Kinsella
John Kinsella
Co-founder & CTO at Cysense

Related

All the News — Just Six Months Later – ASW #265

We cover appsec news on a weekly basis, but sometimes that news is merely about the start of a new project, sometimes it's yet another example of a vuln class, and sometimes it's a topic we hope doesn't become a trend. So, what themes have we seen and where do we see them going? Here are a few headline topics that have alternately generated yays a...