Learn Application Security Testing in 2024
HTML-код
- Опубликовано: 9 июн 2024
- Have you wanted to start a career in Application Security, but you aren't sure where you start? In today's video, Tib3rius talks about how to build your foundation of knowledge and skills using free and paid resources as well as explaining why you need to do certain things and providing examples to help you on your journey.
0:00 Intro
0:49 Avoiding Content Overload
1:59 Learning the Fundamentals
3:00 Learning Programming
5:13 Learning Security Concepts
6:40 Learning Tools
8:42 Certs & Experience
10:49 Outro
Are you interested in Sponsoring one of our RUclips Videos? Contact us with the form here: www.tcm.rocks/Sponsors
Pentests & Security Consulting: tcm-sec.com
Get Trained: academy.tcm-sec.com
Get Certified: certifications.tcm-sec.com
Merch: merch.tcm-sec.com
Sponsorship Inquiries: info@thecybermentor.com
📱Social Media📱
___________________________________________
Twitter: / thecybermentor
Twitch: / thecybermentor
Instagram: / thecybermentor
LinkedIn: / heathadams
TikTok: / thecybermentor
Discord: / discord
💸Donate💸
___________________________________________
Like the channel? Please consider supporting me on Patreon:
/ thecybermentor
Support the stream (one-time): streamlabs.com/thecybermentor
Hacker Books:
Penetration Testing: A Hands-On Introduction to Hacking: amzn.to/31GN7iX
The Hacker Playbook 3: amzn.to/34XkIY2
Hacking: The Art of Exploitation: amzn.to/2VchDyL
The Web Application Hacker's Handbook: amzn.to/30Fj21S
Real-World Bug Hunting: A Field Guide to Web Hacking: amzn.to/2V9srOe
Social Engineering: The Science of Human Hacking: amzn.to/31HAmVx
Linux Basics for Hackers: amzn.to/34WvcXP
Python Crash Course, 2nd Edition: amzn.to/30gINu0
Violent Python: amzn.to/2QoGoJn
Black Hat Python: amzn.to/2V9GpQk
My Build:
lg 32gk850g-b 32" Gaming Monitor:amzn.to/30C0qzV
darkFlash Phantom Black ATX Mid-Tower Case: amzn.to/30d1UW1
EVGA 2080TI: amzn.to/30d2lj7
MSI Z390 MotherBoard: amzn.to/30eu5TL
Intel 9700K: amzn.to/2M7hM2p
G.SKILL 32GB DDR4 RAM: amzn.to/2M638Zb
Razer Nommo Chroma Speakers: amzn.to/30bWjiK
Razer BlackWidow Chroma Keyboard: amzn.to/2V7A0or
CORSAIR Pro RBG Gaming Mouse: amzn.to/30hvg4P
Sennheiser RS 175 RF Wireless Headphones: amzn.to/31MOgpu
My Recording Equipment:
Panasonic G85 4K Camera: amzn.to/2Mk9vsf
Logitech C922x Pro Webcam: amzn.to/2LIRxAp
Aston Origin Microphone: amzn.to/2LFtNNE
Rode VideoMicro: amzn.to/309yLKH
Mackie PROFX8V2 Mixer: amzn.to/31HKOMB
Elgato Cam Link 4K: amzn.to/2QlicYx
Elgate Stream Deck: amzn.to/2OlchA5
*We are a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for us to earn fees by linking to Amazon.com and affiliated sites. - Наука
Thank you for the shout out! ❤
wow Rana khalil here
You're very welcome Rana! Keep up the great work!
I'd make one suggestion instead of learning Java. I would say you should learn JavaScript. I've been doing pen testing for a while and python and JavaScript have been the primary languages I use the most. The third would be powershell.
I love this video! Short, direct to the point and very informative :D
Thanks for the kind words!
Very informative and cut to the point 👌🏼
Hi @Tib3rius, and thanks for this post.
These days when anyone talks about Application Security, I find it is just Web Application Security. Please shed some light on this.
Love your work, TCM & Tib3rius.
What recommendation (tools and certification) do you have to improve auditing and compliance? Would Burp Suite or Snyk help (maybe for reporting, STIG/SRG, compliance or policy checks) even though they are DAST/SAST/RASP tools?
Bash is also very helpful in automation.
This is best, most compressed and most detail video ..
did i contradict myself?
Thank you for the kind words!
@@Tib3rius it's my pleasure I have shared with my group as well .
1 request can you please make a video about Appsec engineer who is transitioning from beginner but not quite yet reached advance.
Like how to access where you stand and what all things you should be knowing. This I am asking in term of web and mobile.
@@Khanasad_ I'll forward your request to Alex Olsen, he's more in-tune with appsec engineering IMO. I've basically been a pentester for my entire career so my knowledge is more focused on the offensive side of things. :D
@@Tib3rius sorry there has been a miscommunication from my side, even I am a pentester I meant to say pentesting .
@@Khanasad_ ah ok, cool, I'll add it to my list of future video ideas 😁
Thanks. What about OSWA from OffSec?
definetly useful
Thank you!
❤
❤
No love for containers, k8s?
How does that relate to a career in application security testing? (genuinely curious on your take)
@@Tib3rius Hi, I am switching career at 40 so I am pretty new to this field :) I assumed containers security to be subset of appsec since they contain app code. no? and for the same reason k8 too. I also read somewhere on reddit about it that appsec is a huge field.
@@AbhaySingh-qz6qm firstly, that's awesome you are switching careers, I hope it goes well!
Container security is a large area itself, as containers deal with more than just application code. However AppSec is very specifically about the security of applications (i.e. the code that makes web apps function) and little else.
Web Applications can run in containers, but they can also run on regular "bare metal" operating systems and VMs. Container security has more in common with traditional network security than AppSec IMO, but again it could be considered a domain of its own like Cloud Security.
@@Tib3rius Thanks! :) I need to be more educated and aware to speak the same language lol.
Btw, loved your appsec question series on twitter.
first🥰
First
Great video. Thank you for making this available.
Can you please let me know if it is possible to add links to the additional resources itemized by section in the description? I am not a content creator. I am genuinely asking.
For instance, I was able to find ruclips.net/video/iYM2zFP3Zn0/видео.html and ruclips.net/p/PLZlA0Gpn_vH9xx-RRVNG187ETT2ekWFsq within the channels identified in the Learning the Fundamentals section. But, will those videos teach me all I should know in the learning fundamentals portion of the video? Are those the correct videos? Videos probably get taken down enough to where those links may not be future-proof. So, I understand if my request isn't a good suggestion.
Also, are there any plans to create a course related to secure source code review? Or, are there any courses where the focus is teaching me how to build my own intentionally vulnerable application in Java? I can't speak for anyone else, but I think that would help me understand how things work in the backend.
you speak too quickly, i can not follow you.
Hey, sorry about that. There's a fine balance because if I speak slower, some people say I speak too slowly! Luckily on RUclips you can set the playback speed so try watching the video at 0.75 speed and that might work :D
@@Tib3rius thanks, i will do it next time.