13 tweets, 3 min read
THREAD:

If you are looking for a job in cybersecurity, web application testing is the area I’m recommending people to take a look at.

There are mad positions open for this skillset.

Please drop some resources here to help people get skilled up.
So I’m about to drop some game on being a beast web application tester.

First thing I recommend is learning how to write web applications yourself.

I’m still a fan of Ruby on Rails for quickly learning to do web app dev.

By doing dev everything will start making sense.
When you build the web apps and eventually deploy them to the internet you put yourself in developer mode.

Ultimately that’s who you will communicate with.
Learn how to handle forms and parameters with and without helpers.

Build your own APIs and interact with them with Burp and Zap proxies.

Use the OWASP top ten to secure your own app.

Install SSL certs, DDoS mitigation, try to automate deployment on Amazon, Heroku.
If you build these things all the way through you’ll be able to learn how to test better and use Burp etc. because you know everything about the app.
All the CBTs can teach you Security vernacular and jargon, but doing the work of a dev will give you insight to their life and create empathy for what they have to do.
If you’re trying to move into appsec testing internally/externally, try to learn what languages/frameworks they are using. How are they deploying? What automation tools are they using?

Everyone is using free stuff for the most part.

You can learn the basics of that for sure.
This isn’t an overnight thing. This is certainly doable in three to six months of self study.

You’re not trying to be a corporate dev, but you want to understand their process.

You can learn from their job requirements what to study.
Many of the tools have awesome communities behind them that will help you.

Use YouTube and Google.

This is exactly what we all do to learn something new.

There are no secrets.
I hope this helped.

You can do it.
One more thing.

Learn to do proper threat modeling. At @threatcare we use STRIDE. Go look that up.

Use @Microsoft’s free tool to create some data flow diagrams of your application.

I believe that you can’t do a serious assessment without threat modeling.
Thread by Marcus J. Carey