Resources

Fundamentals

• OWASP Top 10
• OWASP Authentication Cheat Sheet
• OWASP Cheat Sheet Series
• What is HTTPS - Cloudflare
• TLS/SSL explained

Authentication & Authorization

• Authentication on the Web - YouTube
• OAuth 2.0 explained
• OpenID Connect explained
• JWT.io - JSON Web Tokens
• CORS - Cloudflare
• Top-5 HTTP Security Headers
• Cookies vs Tokens: The Definitive Guide

Web Application Security

• XSS (Cross-site scripting) - PortSwigger
• SQL Injection - PortSwigger
• CSRF - PortSwigger
• Content Security Policy - MDN
• Web Security Academy - PortSwigger (free)

API Security

• OWASP API Security Top 10
• API Security Best Practices

Supply Chain & Infrastructure Security

• SLSA: Supply-chain Levels for Software Artifacts
• Software Bill of Materials (SBOM) - CISA
• Secrets management - HashiCorp Vault
• Container security best practices
• Dependency confusion attacks

Cryptography

• Cryptography basics - Khan Academy
• Practical Cryptography for Developers

AI Security

• OWASP Top 10 for LLM Applications
• Prompt injection attacks