Knowledge area
All Topics
Six guides that build on each other - from web app security to incident response. Each gives you a practical mental model, is honest about the limits, and links the primary sources.
- Read topic
Application security
Web App Security
A practical guide to trust boundaries, access control, sessions, data handling, dependencies, and the limits of security testing.
- Read topic
Secure software lifecycle
Secure Development
How to include security in planning, design, coding, testing, release, and day-to-day operation.
- Read topic
Authorized security testing
Pentest Preparation
How to prepare an authorized penetration test with a clear goal, scope, safety rules, useful evidence, and a plan for fixes.
- Read topic
Secure software delivery
AI in DevSecOps
Where AI can help secure software delivery, where it can fail, and why people still own the decisions.
- Read topic
Bounded AI systems
Agentic Engineering
How AI agents use tools, permissions, memory, and feedback, and what keeps their actions under control.
- Read topic
Responding under uncertainty
Incident Response
How teams detect, contain, investigate, recover from, and learn after a cybersecurity incident.