AppSec / Application Security

ClmClm CISSP | CCSP | CCSK | AWS x 4 | ITIL | PCEPMember Posts: 444 ■■■■□□□□□□
Hey all so I need to learn application security for my new company and looking for resources i would prefer Video course and Labs if you know of anything like that please let me know.
I find your lack of Cloud Security Disturbing!!!!!!!!!
Connect with me on LinkedIn https://www.linkedin.com/in/myerscraig

Comments

  • UnixGuyUnixGuy Are we having fun yet? Mod Posts: 4,232 Mod
    What's your involvement with App security? would you be creating apps securely or just looking at Apps and assessing their security? Do you run specific tools at your work that you need to learn? Would you be doing vulnerability management/pentesting?

    Either way, start with the OWASP top 10, learn vulnerability management, and  pentesting. Pentester academy has good videos and eLearnSecurity
    Certs: GPEN, GCFA, CISM, CRISC, RHCE
    In Progress: MBA
  • ClmClm CISSP | CCSP | CCSK | AWS x 4 | ITIL | PCEP Member Posts: 444 ■■■■□□□□□□
    UnixGuy said:
    What's your involvement with App security? would you be creating apps securely or just looking at Apps and assessing their security? Do you run specific tools at your work that you need to learn? Would you be doing vulnerability management/pentesting?

    Either way, start with the OWASP top 10, learn vulnerability management, and  pentesting. Pentester academy has good videos and eLearnSecurity
    1. What's your involvement with App security? : Talking with my AVP he could either hire a CloudSec Guy or and Appsec guy and with  recent requirements from the business to move to AWS Cloudsec was the winner but the need is still there so im using that as a reason to learn more and do both. I see a lot of positions asking for both.

    2. would you be creating apps securely or just looking at Apps and assessing their security?: I would be working with Devs to ensure they are building apps securely and continually assessing the apps.

    3. No specific tools but the company is willing to buy what might be needed this would be the first appsec postion.
    4. Would you be doing vulnerability management/pentesting?: would be in vuln management process and we get outside pen test quite often Like ive never heard of a company getting tested this often lol




    I find your lack of Cloud Security Disturbing!!!!!!!!!
    Connect with me on LinkedIn https://www.linkedin.com/in/myerscraig

  • fitzlopezfitzlopez PCIP,CCNA CyberOps,CySA+,Pentest+,Linux+, CSSLP,CISSP-ISSMP,CISM,CEH,ITIL F,Cobit F,ISO27K F Member Posts: 96 ■■■□□□□□□□
    Hi if you have safari books online I recommend you skim thru this book:

    Hands-On Security in DevOps

    or you can buy it thru packt's 15 year anniversary $15dlls  https://www.packtpub.com/catalogsearch/result/?q=Hands-On Security in DevOps

    I think it gives a birds eye view to get started.

    Look into the SDLC, if you want lots of theory you could check out courses on ISC2's CSSLP certification.


Sign In or Register to comment.