@breanneboland
Created October 19, 2020 20:38
What I studied for my October-November 2019 AppSec interview
# What I studied for my AppSec engineer interview in September 2019
This is what I read and studied to feel more prepared for my AppSec engineer interview. I came from an SRE background, so a lot of it is ops-focused.
* [Cracking Websites with Cross Site Scripting – Computerphile](https://www.youtube.com/watch?v=L5l9lSnNMxg)
* [Hacking Websites with SQL Injection – Computerphile](https://www.youtube.com/watch?v=_jKylhJtPmI)
* [How NOT to Store Passwords! – Computerphile](https://www.youtube.com/watch?v=8ZtInClXe1Q)
* [Circle CI Security Incident on 8/31/2019 – Details and FAQs](https://support.circleci.com/hc/en-us/articles/360034852194-Security-Incident-on-8-31-2019-Details-and-FAQs)
* [DNS Tunneling: how DNS can be (ab)used by malicious actors](https://unit42.paloaltonetworks.com/dns-tunneling-how-dns-can-be-abused-by-malicious-actors/)
* [A Technical Analysis of the Capital One Hack](https://blog.cloudsploit.com/a-technical-analysis-of-the-capital-one-hack-a9b43d7c8aea)
* [How GCHQ Classifies Computer Security – Computerphile](https://www.youtube.com/watch?v=iesgXoOBLZM)
* [Basic Linux Privilege Escalation](https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/)
* [The Book of Secret Knowledge](https://github.com/trimstray/the-book-of-secret-knowledge)
* [Scapy](https://scapy.net/)
* [OWASP stuff](https://owasp.org/www-project-top-ten/), including the [2017 writeup](https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf)
* [Every Linux Geek Needs To Know Sed and Awk. Here’s Why](https://www.makeuseof.com/tag/sed-awk-learn/)
* [Hack This Site](https://www.hackthissite.org/)
* [Katie Murphy’s blog](https://localhost.network/)
* Everything I could about the Capital One breach; [here's](https://krebsonsecurity.com/2019/08/what-we-can-learn-from-the-capital-one-hack/) a good example