Below is a list of resources that can help you, including links and videos!
Security Best Practices from We Hack Purple
- Secure Design Concepts
- PCI-DSS for Devs!
- API Security Best Practices
- Application Security Activities
- Azure Hardening Best Practice
- Error Handling and Logging
- Secure Coding Guidelines
- Tips For Getting Into InfoSec
- Web App Security Requirements
Frequently Asked Questions
What is We Hack Purple?We Hack Purple is a Canadian company, founded by Tanya Janca in 2020, focused on helping anyone and everyone create secure software. We have an Academy with formal training programs, we offer live training, we are a professional learning community, we have a podcast, newsletter, blog and LOTS of social media. We even have a swag shop, in case you want to look fantastic while you learn!
What is application security (AppSec), and how can I learn it?AppSec is anything you do to ensure that the software you are creating or protecting, is secure. Whether it’s a formal process, or it’s doing one-off efforts, all if it is YOU fighting the good fight. And we can definitely help you with this!
What is the We Hack Purple Community? Why should I join?We are a group of security-minded professionals who want to network, share and connect in a safe and fun place. We have a platform for content sharing, exclusive content via email drip, groups and just the general platform newsfeed. It’s a place for you to find the answers you need to succeed in your career, plus a great way to meet amazing people. PS It’s free!
Do you give live (virtual) training?
Absolutely! Email We Hack Purple for pricing and details!
Do you have a mailing list?Yes, I have TWO! If you want to join MY newsletter, sign up here. You can also join We Hack Purple’s newsletter here. The content occasionally overlaps, but rarely. You can count on my newsletter being more silly and community-focused, arriving less often.
I’m trying to get into information security in general and I’m not sure how. Where do I start?There’s no one ‘right’ answer to this question, but we will provide a whole bunch of suggestions in the following video.
I’m trying to get into application security and I’m not sure where to start. Am I in the right place?Yes, you are in the right place! Also, visit We Hack Purple.com
What is #CyberMentoringMonday? How can I be involved? How can I be a good mentor? How can I make sure I’m being a good mentee?If you want to find a professional mentor, each Monday on Twitter Tanya Janca runs a campaign called #CyberMentoringMonday. Every Monday you can tag her and she will retweet you, to try to help you find a mentor.
Follow these tips for best results:
- Make sure you have your direct messages (DMs) open so someone can message you.
- Make sure you use the #CyberMentoringMonday hashtag in your tweet, so that people can find you.
- Make sure you represent yourself well. Your tweet is your first impression, make a good one!
Tell me about Alice and Bob Learn Application Security, Tanya’s book. What level of knowledge do I need to read it? What does it cover? Tell me everything!It’s especially beneficial for software developers and anyone who wants to work in application security, but it’s written assuming no security knowledge on the part of the reader. Watch the video for more details, visit the Alice and Bob Learn webpage, or watch our playlist on YouTube all about it! Or better yet, buy it!
Are you willing to volunteer/just answer a few questions/review a blog post/have a zoom call/perform other unpaid work for me?No. Tanya receives requests constantly for free consulting and other unpaid work, and the answer is no. She cannot provide free consulting, technical guidance, phone calls for you to ‘just pick Tanya’s brain for a few minutes’ or any other unpaid work. That said, We Hack Purple gives a lot of stuff away for free on their social media, YouTube channel and newsletter. If Tanya wants to add additional volunteering to her already full roster, she will reach out