Learn Application Security Testing in 2024
Рет қаралды 16,830
Күн бұрын
@RanaKhalil101 11 ай бұрын
Thank you for the shout out! ❤
@Asadneon 11 ай бұрын
wow Rana khalil here
@Tib3rius 11 ай бұрын
You're very welcome Rana! Keep up the great work!
@DropeXK09 11 ай бұрын
I love this video! Short, direct to the point and very informative :D
@Tib3rius 11 ай бұрын
Thanks for the kind words!
@ug1502ez 11 ай бұрын
Hi @Tib3rius, and thanks for this post. These days when anyone talks about Application Security, I find it is just Web Application Security. Please shed some light on this.
@Khanasad_ 11 ай бұрын
This is best, most compressed and most detail video .. did i contradict myself?
@Tib3rius 11 ай бұрын
Thank you for the kind words!
@Khanasad_ 11 ай бұрын
@@Tib3rius it's my pleasure I have shared with my group as well . 1 request can you please make a video about Appsec engineer who is transitioning from beginner but not quite yet reached advance. Like how to access where you stand and what all things you should be knowing. This I am asking in term of web and mobile.
@Tib3rius 11 ай бұрын
@@Khanasad_ I'll forward your request to Alex Olsen, he's more in-tune with appsec engineering IMO. I've basically been a pentester for my entire career so my knowledge is more focused on the offensive side of things. :D
@Khanasad_ 11 ай бұрын
@@Tib3rius sorry there has been a miscommunication from my side, even I am a pentester I meant to say pentesting .
@Tib3rius 11 ай бұрын
@@Khanasad_ ah ok, cool, I'll add it to my list of future video ideas 😁
@shu6h00 11 ай бұрын
Very informative and cut to the point 👌🏼
@AlexLucard 11 ай бұрын
I'd make one suggestion instead of learning Java. I would say you should learn JavaScript. I've been doing pen testing for a while and python and JavaScript have been the primary languages I use the most. The third would be powershell.
@Skaxarrat 6 ай бұрын
Python and JavaScript are basics. I understand the need for Python for scripting and some backend frameworks, but ignoring JavaScript is weird...
@jamesvelopmenthagood8998 5 ай бұрын
Java seems like such a pain if you are not already familiar with it
@qwerty-p5m1f 11 ай бұрын
Bash is also very helpful in automation.
@TeraQuad 11 ай бұрын
Love your work, TCM & Tib3rius. What recommendation (tools and certification) do you have to improve auditing and compliance? Would Burp Suite or Snyk help (maybe for reporting, STIG/SRG, compliance or policy checks) even though they are DAST/SAST/RASP tools?
@5s4l1p1fcw 11 ай бұрын
Thanks. What about OSWA from OffSec?
@JakartaMax Ай бұрын
I am surprised that Python and Java are mentioned, but not the obvious, Javascript? Did I miss, that Javascript was mentioned just a Requirement?
@amirusewmin6318 11 ай бұрын
definetly useful
@Tib3rius 11 ай бұрын
Thank you!
@AbhaySingh-qz6qm 11 ай бұрын
No love for containers, k8s?
@Tib3rius 11 ай бұрын
How does that relate to a career in application security testing? (genuinely curious on your take)
@AbhaySingh-qz6qm 11 ай бұрын
@@Tib3rius Hi, I am switching career at 40 so I am pretty new to this field :) I assumed containers security to be subset of appsec since they contain app code. no? and for the same reason k8 too. I also read somewhere on reddit about it that appsec is a huge field.
@Tib3rius 11 ай бұрын
@@AbhaySingh-qz6qm firstly, that's awesome you are switching careers, I hope it goes well! Container security is a large area itself, as containers deal with more than just application code. However AppSec is very specifically about the security of applications (i.e. the code that makes web apps function) and little else. Web Applications can run in containers, but they can also run on regular "bare metal" operating systems and VMs. Container security has more in common with traditional network security than AppSec IMO, but again it could be considered a domain of its own like Cloud Security.
@AbhaySingh-qz6qm 11 ай бұрын
@@Tib3rius Thanks! :) I need to be more educated and aware to speak the same language lol. Btw, loved your appsec question series on twitter.
@tiknikalsupport 11 ай бұрын
❤
@Tib3rius 11 ай бұрын
❤
@vhsonacomeback 11 ай бұрын
Great video. Thank you for making this available. Can you please let me know if it is possible to add links to the additional resources itemized by section in the description? I am not a content creator. I am genuinely asking. For instance, I was able to find kzbin.info/www/bejne/n4qwY618hZiNpJI and kzbin.info/aero/PLZlA0Gpn_vH9xx-RRVNG187ETT2ekWFsq within the channels identified in the Learning the Fundamentals section. But, will those videos teach me all I should know in the learning fundamentals portion of the video? Are those the correct videos? Videos probably get taken down enough to where those links may not be future-proof. So, I understand if my request isn't a good suggestion. Also, are there any plans to create a course related to secure source code review? Or, are there any courses where the focus is teaching me how to build my own intentionally vulnerable application in Java? I can't speak for anyone else, but I think that would help me understand how things work in the backend.
@PrashannaGhimire-q6c 11 ай бұрын
first🥰
@maheshkumarmali8265 11 ай бұрын
First
@mango-gu5xo 11 ай бұрын
you speak too quickly, i can not follow you.
@Tib3rius 11 ай бұрын
Hey, sorry about that. There's a fine balance because if I speak slower, some people say I speak too slowly! Luckily on KZbin you can set the playback speed so try watching the video at 0.75 speed and that might work :D
@mango-gu5xo 11 ай бұрын
@@Tib3rius thanks, i will do it next time.
Software Engineering Institute | Carnegie Mellon University
Рет қаралды 6 М.