All CyBOK:INT (2) CyBOK:RMG (14) CyBOK:HF (7) CyBOK:POR (8) CyBOK:LR (5) CyBOK:MAL (31) CyBOK:ADV (30) CyBOK:FOR (20) CyBOK:SOIM (12) CyBOK:CRY (1) CyBOK:OS (23) CyBOK:DSS (2) CyBOK:FMS (3) CyBOK:AAA (4) CyBOK:SS (13) CyBOK:WM (19) CyBOK:SSL (26) CyBOK:NS (37) CyBOK:HWS (2) CyBOK:ACRY (3) CyBOK:CPS (2) CyBOK:PL (1) AppSec (12) Knowledge (47) Tools (59) Mailing List (3) Dynamic analysis (21) Injection (2) Modification (2) Protocols (4) Exercise (129) Android (4) Linux (10) Windows (5) Training (11) General (36) Command line (7) Programming (27) Reversing (3) Software (2) Terminology (3) Static analysis (17) Threat Modelling (2) Vulnerabilities (4) Standards (2) Data protection (1) OSINT (4) Game (4) Video (4) Easy (43) Medium (4) Hard (1)

Explore AppSec Map

enso.security's AppSec Map provides a quick overview of different elements of an AppSec programme and some of the offerings which can help an organisation provide each element of the programme.

Cyber Springboard | Card

Explore the National Vulnerability Database

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Cyber Springboard | Card

Explore the security section of Azure's Well-Architected Framework

The Azure Well-Architected Framework is a set of guidance that helps you improve how you build and deploy your application on Microsoft's Azure cloud platform. Security is one pillar within the Well-Architected Framework.

Cyber Springboard | Card

Play the Citadel Programming Lab from CyBOK

The Citadel Programming Lab is an online virtual secure coding game-based computer lab. The Lab combines a tower defence game with 6 security programming tasks. The lab is based on a serious game approach to join learning and playfulness. The lab’s platform combines a Unity game linked with a coding environment based on an instance of GitLab. The game elements and coding exercises are linked to CyBOK, the Cybersecurity Body of Knowledge, to map its cybersecurity content.

Cyber Springboard | Card

Read about building a product security programme from scratch

Read about one person's experience creating product security programme's from scratch.

Cyber Springboard | Card

Read the CWE Most Important Hardware Weaknesses

The CWE™ Most Important Hardware Weaknesses is the result of collaboration within the Hardware CWE Special Interest Group (SIG). Its intent is to drive awareness of common hardware weaknesses and prevent hardware security issues at the source by educating designers and programmers on how to eliminate important mistakes early in the product development lifecycle.

Cyber Springboard | Card

Read the OWASP Application Security Verification Standard (ASVS)

The OWASP Application Security Verification Standard (ASVS) Project provides a basis for testing web application technical security controls and also provides developers with a list of requirements for secure development. The primary aim of the OWASP Application Security Verification Standard (ASVS) Project is to normalize the range in the coverage and level of rigor available in the market when it comes to performing Web application security verification using a commercially-workable open standard. The standard provides a basis for testing application technical security controls, as well as any technical security controls in the environment, that are relied on to protect against vulnerabilities such as Cross-Site Scripting (XSS) and SQL injection. This standard can be used to establish a level of confidence in the security of Web applications.

Cyber Springboard | Card

Read the OWASP Top 10

The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.

Cyber Springboard | Card

Try out bWAPP

bWAPP, or a buggy web application, is a free and open source deliberately insecure web application. It helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities. bWAPP prepares one to conduct successful penetration testing and ethical hacking projects. What makes bWAPP so unique? Well, it has over 100 web vulnerabilities! It covers all major known web bugs, including all risks from the OWASP Top 10 project. bWAPP is a PHP application that uses a MySQL database. It can be hosted on Linux/Windows with Apache/IIS and MySQL. It can also be installed with WAMP or XAMPP. Another possibility is to download the bee-box, a custom Linux VM pre-installed with bWAPP.

Cyber Springboard | Card

Try out Damn Vulnerable Web Application (DVWA)

Cyber Springboard | Card

Try out OWASP Mutillidae II

OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. With dozens of vulnerabilities and hints to help the user; this is an easy-to-use web hacking environment designed for labs, security enthusiast, classrooms, CTF, and vulnerability assessment tool targets.

Cyber Springboard | Card

Watch Maddie Stone's talk, Bad Binder: Finding an Android In The Wild 0day

Maddie Stone is a security researcher on Google Project Zero.

Cyber Springboard | Card