[EdOverflow]

Aside from Filedescriptor's work, here are some of my favourite blogs in the web application security space (not an exhaustive list):

- https://blog.orange.tw/

- https://ngailong.wordpress.com/

- https://whitton.io/

- https://sakurity.com/blog

- https://homakov.blogspot.com/

- https://buer.haus/

- https://philippeharewood.com/

- https://portswigger.net/research

- https://gerbenjavado.com/

- https://medium.com/@intideceukelaire

- https://samcurry.net/

- https://stephensclafani.com/

- https://www.josipfranjkovic.com/

- https://www.arneswinnen.net/

- https://blog.assetnote.io/

- https://medium.com/@alex.birsan

- https://cablej.io/

- https://jonbottarini.com/

- https://www.corben.io/

There is also this massive list of write-ups that might be of interest to you: https://github.com/ngalongc/bug-bounty-reference.

Shameless plug: I write about web application security at https://edoverflow.com/.

[wrboyce]

You may want to edit your comment so the links are not inside a code block (and thus clickable). Thanks.

[EdOverflow]

Updated accordingly. :)