App Sec Resources

• PortSwigger Research
  • https://portswigger.net/research
• Assetnote Research
  • https://www.assetnote.io/resources/research
• intigriti Blog
  • https://www.intigriti.com/researchers/blog
• SANS Offensive Operations YouTube
  • https://www.youtube.com/@SANSOffensiveOperations
• HackerOne Hacktivity
  • https://hackerone.com/hacktivity/overview?queryString=disclosed%3Atrue&sortField=latest_disclosable_activity_at&sortDirection=DESC&pageIndex=0
• Stephen Sims
  • SANS Instructor
  • https://www.youtube.com/@OffByOneSecurity/streams
• OWASP
  • https://owasp.org/

---

• James Kettle
  • https://jameskettle.com
  • Director of Research at PortSwigger
• Jason Haddix
  • Posts lots of recon resources/methodology online
  • https://www.youtube.com/results?search_query=Jason+Haddix
• Douglas Day
  • https://douglas.day/
• Orange Tsai
  • https://blog.orange.tw/articles/

---

• Hassan Hadary (not really active)
  • https://hassanhadary.blogspot.com
  • Expert in application security (SANS Instructor)
    • https://www.sans.org/profiles/hassan-el-hadary

---

TODO:

• https://arxiv.org/html/2410.20911v1
  • Hacking Back the AI-Hacker: Prompt Injection as a Defense Against LLM-driven Cyberattacks