Where every claim in SecProve comes from.
A dense reading catalog. Every claim is footnoted. Sort by source, filter by pillar, type, or recency. Built for analysts who want to see what we are standing on.
Top 10 security risks for APIs. Covers broken object-level authorization, authentication failures, excessive data exposure, and more.
Conference presentations covering novel attack techniques and defensive research. Essential for cutting-edge offensive/defensive questions. AI Village talks are particularly relevant for Pillars B and C.
Framework of security requirements for designing, developing, and testing secure web applications. Three verification levels.
Five business functions (Governance, Design, Implementation, Verification, Operations) for measuring and improving AppSec programs. Good for maturity model questions.
The most widely referenced web application security awareness document. Covers injection, broken auth, XSS, and more.
Fast, open-source static analysis tool for finding bugs and enforcing code standards. Supports 30+ languages with custom rules.
Annual analysis of open source usage and vulnerability data. Key stats on open source in commercial codebases (typically 70-80%+). Grounds supply chain and AppSec questions in real data.
Annual report with empirical data on flaw prevalence by language, fix rates, and security debt. Useful for data-driven AppSec questions. Vendor-produced, but based on scan data across thousands of orgs.
Ready to test what you've learned?
Our questions are built directly from these resources. Take a quiz and see how your knowledge stacks up.