# 二十二、资源 + OnlineTraining + [WebApplication Exploits and Defenses](https://google-gruyere.appspot.com) + [The Exploit Database](https://www.exploit-db.com/) + [Udacity](https://cn.udacity.com/) + Bug Bounty Platforms + [Hackerone.com](https://Hackerone.com) + [Bugcrowd.com](https://bugcrowd.com/) + [Synack.com](https://www.synack.com/) + [Cobalt.io](https://cobalt.io/) + Video Tutorials + [youtube.com/yaworsk1](https://youtube.com/yaworsk1) + [Seccasts.com](https://www.youtube.com/c/nVisium/) + [Twitter#infsec](https://twitter.com/hashtag/Infsec) + [Twitter@disclosedh1](https://twitter.com/disclosedh1) + [Web Application Hackers Handbook](https://www.amazon.cn/%E9%BB%91%E5%AE%A2%E6%94%BB%E9%98%B2%E6%8A%80%E6%9C%AF%E5%AE%9D%E5%85%B8-Web%E5%AE%9E%E6%88%98%E7%AF%87-Dafydd-Stuttard/dp/B008FNO9GK) + [Bug Hunters Methodology](https://github.com/jhaddix/tbhm) + Recommended Blogs + [philippeharewood.com](http://philippeharewood.com/) + [Philippe'sFacebookPage](https://www.facebook.com/phwd-113702895386410) + [fin1te.net](https://whitton.io/) + [NahamSec.com](http://nahamsec.com/) + [blog.it-securityguard.com](http://blog.it-securityguard.com/) + [blog.innerht.ml](http://blog.innerht.ml/) + [blog.orange.tw](http://blog.orange.tw/) + [Portswigger Blog](http://blog.portswigger.net/) + [Nvisium Blog](https://nvisium.com/blog/) + [blog.zsec.uk](https://blog.zsec.uk/) + [Bug Crowd Blog](https://blog.bugcrowd.com/) + [HackerOne Blog](https://www.hackerone.com/blog)