,
13 tweets,
3 min read
Read on Twitter
THREAD:
If you are looking for a job in cybersecurity, web application testing is the area I’m recommending people to take a look at.
There are mad positions open for this skillset.
Please drop some resources here to help people get skilled up.
If you are looking for a job in cybersecurity, web application testing is the area I’m recommending people to take a look at.
There are mad positions open for this skillset.
Please drop some resources here to help people get skilled up.
So I’m about to drop some game on being a beast web application tester.
First thing I recommend is learning how to write web applications yourself.
I’m still a fan of Ruby on Rails for quickly learning to do web app dev.
By doing dev everything will start making sense.
First thing I recommend is learning how to write web applications yourself.
I’m still a fan of Ruby on Rails for quickly learning to do web app dev.
By doing dev everything will start making sense.
When you build the web apps and eventually deploy them to the internet you put yourself in developer mode.
Ultimately that’s who you will communicate with.
Ultimately that’s who you will communicate with.
Learn how to handle forms and parameters with and without helpers.
Build your own APIs and interact with them with Burp and Zap proxies.
Use the OWASP top ten to secure your own app.
Install SSL certs, ddos mitigation, try to automate deployment on Amazon, Heroku
Build your own APIs and interact with them with Burp and Zap proxies.
Use the OWASP top ten to secure your own app.
Install SSL certs, ddos mitigation, try to automate deployment on Amazon, Heroku
If you build these things all the way through you’ll be able to learn how to test better and use Burp etc because you know everything about the app
All the CBTs can teach you Security vernacular and jargon, but doing the work of a dev will give you insight to their life and create empathy for what they have to do.
If you’re trying to move into appsec testing internally/externally try to learn what languages/framework are they using? How are they deploying? What automation tools are they using??
Everyone is using free stuff for the most part.
You can learn the basics of that for sure.
Everyone is using free stuff for the most part.
You can learn the basics of that for sure.
This isn’t an overnight thing. This is certainly doable in three to six months of self study.
Your not trying to be a corporate dev, but you want to understand their process.
You can learn from their job requirements what to study
Your not trying to be a corporate dev, but you want to understand their process.
You can learn from their job requirements what to study
Many of the tools have awesome communities behind them that will help you.
Use YouTube and Google.
This is exactly what we all do to learn something new.
There are no secrets.
Use YouTube and Google.
This is exactly what we all do to learn something new.
There are no secrets.
I hope this helped.
You can do it.
You can do it.
One more thing.
Learn to do a proper threat modeling. At @threatcare we use STRIDE. Go look that up.
Use @Microsoft free tool to create some data flow diagrams of your application.
I believe that you can’t do a serious assessment without threat modeling.
Learn to do a proper threat modeling. At @threatcare we use STRIDE. Go look that up.
Use @Microsoft free tool to create some data flow diagrams of your application.
I believe that you can’t do a serious assessment without threat modeling.
