Author: Amit Dubey
Date: 11-09-2021
Getting Started in App Sec
How to get your first or better job in App Sec
About me
• 5+ years of experience in App Sec
• Working as Security Consultant @ NetSPI
• Web App | API | Mob Sec | ThickClient | SAST
• Bug bounty Hunting | Freelancing
• I like coffee, movies, reading
Twitter: @amitMDubey
Linkedin: /in/amitmdubey
Github: /dubey-amit
Website: www.amitdubey.me
What do people think we do?
What do we really do?
• Testing
• Meeting
• Reporting
• Crying
Product vs Service Based
• TCS, InfoSys, Tech-M, Accenture, Big 4
• Google, IBM, SAP, Microsoft, Paytm
Soft skills do matter.
• Communication
• Writing Skills
• Presentation
What IT Degree, Paid Courses, Certification do you need?
None.
Start learning
> Basics of HTTP and Networking.
> OWASP TOP 10
> SANS TOP 25
> Twitter
@Agarri_FR @pry0cc @s0md3v @harshbothra_ ....
> Youtube
/BugBountyReportsExplained /LiveOverflow /The XSS rat /InsiderPhD /Codingo ...
> Newsletters
/Intigriti BugByte /DanielMiesslerNewsletter
> Books
Should you learn how to code?
~ Daniel Miessler
Know your tools
> Proxy tools ( BURP / Fiddler / ZAP )
> Testing Environment ( PentestBox )
> Automated Scripts
> DIY Scripts
Bug bounty vs Pentest
Bug bounty:
• Testing time window
• Scope
• Monetary rewards
• Different types of application
Pentest:
• Experience
• Stable income
• Working with team
• Opportunities
How to keep yourself updated?
> Daily -
Read an article/blog or listen to a security podcast.
Intigriti Bugbyte, Nahamsec Podcast, old Black Hat or DEF CON videos, whitepapers
> Weekly -
Learn a new concept or vulnerability and practice. Write a blog.
OAuth, DOM XSS, JWT, Race condition.
> Quarterly / Yearly -
Learn new technologies.
Mobile, Thick client, API, Scripting, Certification.
My Notes
Find your first / better job.
> Job search portal -
Linkedin, Angel Co, Indeed, Reference.
> Resume -
Single page, Know your skills, Credentials ( Acknowledgements, CVE, Projects )
> Interview -
Read the Job description, Know the company, Have a conversation.
Ask for Reference
Build your career
> Have a presence
Create your portfolio website, Linkedin, Twitter.
eg. John Robert, Harsh
> Network with others
> Find a mentor
Thank you :)
Questions?
