The folks from WeTest are doing 30 Days of Security Testing for October and November. @ceedubsnz has been blogging his way through the security testing challenges Blogs 1 - 8 are below:
Day 1: Read a security blog
Day 2: Select and read a book related to security testing
Book recommendation from Mike: Ghost in the Wires by Kevin Mitnick.
Day 3: Use a security tool - examples: ZAP or Burpsuite
Day 4: Learn anything about vulnerability scanning
Day 5: Learn about threat modelling (i.e. like the stride model)
Day 6: Explore these sites: Google Gruyere; Hackyourself first; Ticket Magpie; The Bodgeit store
Day 7: Learn one or more things about penetration testing
Day 8: Use a proxy tool to observe web traffic in a web or mobile application