Application Security

7 tips for developers who want to enter the AppSec world

If you are a developer and thinking about entering tghe AppSec world – or if you are even considering a career more focused on this area – this article is for you!

We’ve consulted our AppSec experts at Conviso to come up with tips that will ease your journey to more development security knowledge.

You can also listen to this article:

1. Get familiar with OWASP

Have you ever heard of OWASP (Open Web Application Security Project)? It is a global and online community that creates and provides free articles, methodologies, documentation, tools and technologies in web application security.

We have a very complete and updated article on it. OWASP provides, for free, very rich materials, such as secure development guides.

All this can be very useful not only for those who are entering appsec universe, but also for those who already live it on a daily basis, since it is an excellent material for daily study.

2. Take the AppSec Starter training

At Conviso, we encourage continuous learning! That’s why we made the AppSec Starter training available –  free of charge – on our YouTube channel – an initial AppSec awareness tranining.

For developers – or anyone interested in delving deeper into Secure Development – it’s an excellent opportunity to learn initial concepts on the topic.

The training consists on a total of 15 video lessons.

Read too: An initial guide for developing secure applications

3. Attend your community’s OWASP Local Chapter events

Now that you’re more familiar with OWASP, why not join communities that address topics relevant to secure development?

OWASP Local Chapters are communities for appsec professionals around the world that promote events.

The events are free and open to anyone. It’s great for both learning and networking! Look for the one closest to you and attend meetings and events.

4. Study about the main attacks

Know and study about some of the main attacks. Start with the OWASP Top 10 categories and also familiarize yourself with Miter’s CWE’s weaknesses. Oh, don’t forget to check if you are implementing security requirements like ASVS.

As we said before: AppSec is not just limited to offensive security, but of course it is also an important part of this universe.

5. Understand that Secure Development is a culture

It is essential to understand that SecureDevelopment is a cultural issue, and therefore requires more than carrying out specific training or applying tests.

But how to put this into practice? If you are a dev, you need to go beyond the programming language and seek to learn about how to develop secure code from conception.

6. Join online communities

Talking, debating and exchanging ideas with those who live AppSec on a daily basis is an excellent way to update yourself on the subject. Conviso maintains an open DevSecOps community on Slack, make sure to join it.

7. If you’re not a native English speaker, work on your English

Hey, if you’re reading this article in English, that’s probably not an issue for you. But many AppSec study materials are available in English only. Therefore, if your goal is to have a career in this area, investing in language learning can certainly make a difference.

If you’re self-taught, you’ll certainly be able to make good progress through free materials, language apps, and constant reading, but if learning other languages ​​isn’t exactly your forte, be sure to invest in a good course – if it fits in your budget, of course.

After all, it is a skill that is not only a differential in AppSec, but that boosts the curriculum in any area, in addition to bringing benefits to personal and professional development, in general. It’s no exaggeration!

Was this content insightful?

Our YouTube channel is full of AppSec content aimed at developers. Subscribe to our channel so you don’t miss any tips!

Nova call to action
About author

Articles

Communication Analyst at Conviso. With a degree in Journalism, she has 10 years of experience as a content strategist, as well as as a content editor.
Related posts
Application Security

Implementing a CI/CD Pipeline: Ensuring Software Quality and Security

In the current scenario of software development, speed and quality in application delivery are…
Read more
Application Security

Security Risk Management: Best Practices and Processes

Security risk management is a strategic process that involves identifying, assessing, and…
Read more
Application SecurityCode Fighters

How to integrate Semgrep on CI/CD's and send findings to Conviso Platform

Nowadays a very common practice is to integrate security scans during the continuous integration and…
Read more

Deixe um comentário