When I started studying computer science, I was particularly interested in 2 fields: mobile app development and information security. Fast-forward 5 years: as of today I’m a software developer doing web and mobile apps, but I still have a strong interest in security, especially application security. For the last few years, I have tried to get into infosec more seriously, at least to make the apps I work on more secure. I began going to Hackfest, an awesome infosec conference in Quebec (Canada), and participating in the CTFs. I am definitely not at a level to compete against the other participants, but I have fun and I learn a lot. At every talk, I noted down book suggestions, Twitter handles and blogs in the hope of consuming the content and becoming as good as I could. Lately, I decided to get into bug bounty hunting and needed to sort out all the resources I gathered to focus on the most interesting ones. Here is what I came up with (I also intend to keep this post up-to-date when I find other nice content).

Talks

Attack Driven Development: Getting Started in Application Security


How to Shot Web: Web and mobile hacking (Bug Bounty Methodology v1)


Bug Bounty Methodology v2


Bug Bounty Methodology v3


These are some talks I really wanted to watch, but there are other YouTube channels I found interesting:

Books

OWASP

The Open Web Application Security Project aims to improve software security by providing guidelines and learning resources.

Miscellaneous references

Practice

Nothing beats practice when learning, so here are some resources offering online sandboxes or downloadable virtual machines to sharpen your hacking skills. You should definitely start out with Hacksplaining, which will give you a basic understanding of different vulnerabilities, then go to other less directed resources to practice further.

Online sandbox

Virtual machines

OWASP’s Interactive learning platform

More practice sites listing