AppSec / Application Security
Clm
Member Posts: 444 ■■■■□□□□□□
Hey all, so I need to learn application security for my new company and I'm looking for resources. I would prefer a video course and labs; if you know of anything like that, please let me know.
I find your lack of Cloud Security Disturbing!!!!!!!!!
Connect with me on LinkedIn https://www.linkedin.com/in/myerscraig
Comments
-
UnixGuy Mod Posts: 4,570 Mod
What's your involvement with App security? Would you be creating apps securely or just looking at apps and assessing their security? Do you run specific tools at your work that you need to learn? Would you be doing vulnerability management/pentesting?
Either way, start with the OWASP Top 10, learn vulnerability management, and pentesting. Pentester Academy has good videos and eLearnSecurity
-
Clm Member Posts: 444 ■■■■□□□□□□
UnixGuy said:
What's your involvement with App security? Would you be creating apps securely or just looking at apps and assessing their security? Do you run specific tools at your work that you need to learn? Would you be doing vulnerability management/pentesting? Either way, start with the OWASP Top 10, learn vulnerability management, and pentesting. Pentester Academy has good videos and eLearnSecurity
1. What's your involvement with App security?: Talking with my AVP, he could either hire a CloudSec guy or an AppSec guy, and with recent requirements from the business to move to AWS, CloudSec was the winner, but the need is still there, so I'm using that as a reason to learn more and do both. I see a lot of positions asking for both.
2. Would you be creating apps securely or just looking at apps and assessing their security?: I would be working with devs to ensure they are building apps securely and continually assessing the apps.
3. No specific tools, but the company is willing to buy what might be needed. This would be the first AppSec position.
4. Would you be doing vulnerability management/pentesting?: I would be in the vuln management process, and we get outside pen tests quite often. Like, I've never heard of a company getting tested this often lol
-
fitzlopez Member Posts: 103 ■■■□□□□□□□
Hi, if you have Safari Books Online, I recommend you skim through this book:
Hands-On Security in DevOps
or you can buy it through Packt's 15 year anniversary for $15: https://www.packtpub.com/catalogsearch/result/?q=Hands-On Security in DevOps
I think it gives a bird's-eye view to get started.
Look into the SDLC. If you want lots of theory, you could check out courses on ISC2's CSSLP certification.