Collaborate Disseminate
I am asking around the security community trying to get different opinions and discover the different methods of how to introduce and implement threat modelling and sec design reviews into an agile SDLC. I would be really gra… Continue reading Agile Security Threat Modelling
I have 7 years computer programming experience and i’m currently doing the pwk (oscp) and I just wanted to know whether it is considered as junior or mid level regarding penetration testing?
Continue reading Is OSCP qualification considered Junior or Mid?
Whats the highest paying penetration testing contract job you’ve seen or worked and in which country?
I’m a web developer with about 7 years experience, but for the last 12 months I’ve been getting into cyber security so I’ve started implementing secure code practices and OWASP good practices at work. I’ve been preparing to do my OSCP an I’ve done a few CTFs because pentesting seems really interesting although I think application security is more me.
I’ve noticed app sec guys dont have/require large collections of certifications like pentesters do.
1) apart from reading web app hackers handbook, implementating OWASP secure methodologies and doing CTFs, how else can I get into application security without purchasing pwk course (OSCP)?
2) Is it worth taking OSCP to become an application security specialist or any other cert?
3) What’s the big difference in terms of daily job tasks between network penetration testing and web application security?
Continue reading Application security vs network penetration testing