If you are a developer and thinking about entering tghe AppSec world – or if you are even considering a career more focused on this area – this article is for you!
We’ve consulted our AppSec experts at Conviso to come up with tips that will ease your journey to more development security knowledge.
You can also listen to this article:
1. Get familiar with OWASP
Have you ever heard of OWASP (Open Web Application Security Project)? It is a global and online community that creates and provides free articles, methodologies, documentation, tools and technologies in web application security.
We have a very complete and updated article on it. OWASP provides, for free, very rich materials, such as secure development guides.
All this can be very useful not only for those who are entering appsec universe, but also for those who already live it on a daily basis, since it is an excellent material for daily study.
2. Take the AppSec Starter training
At Conviso, we encourage continuous learning! That’s why we made the AppSec Starter training available – free of charge – on our YouTube channel – an initial AppSec awareness tranining.
For developers – or anyone interested in delving deeper into Secure Development – it’s an excellent opportunity to learn initial concepts on the topic.
The training consists on a total of 15 video lessons.
Read too: An initial guide for developing secure applications
3. Attend your community’s OWASP Local Chapter events
Now that you’re more familiar with OWASP, why not join communities that address topics relevant to secure development?
OWASP Local Chapters are communities for appsec professionals around the world that promote events.
The events are free and open to anyone. It’s great for both learning and networking! Look for the one closest to you and attend meetings and events.
4. Study about the main attacks
Know and study about some of the main attacks. Start with the OWASP Top 10 categories and also familiarize yourself with Miter’s CWE’s weaknesses. Oh, don’t forget to check if you are implementing security requirements like ASVS.
As we said before: AppSec is not just limited to offensive security, but of course it is also an important part of this universe.
5. Understand that Secure Development is a culture
It is essential to understand that SecureDevelopment is a cultural issue, and therefore requires more than carrying out specific training or applying tests.
But how to put this into practice? If you are a dev, you need to go beyond the programming language and seek to learn about how to develop secure code from conception.
6. Join online communities
Talking, debating and exchanging ideas with those who live AppSec on a daily basis is an excellent way to update yourself on the subject. Conviso maintains an open DevSecOps community on Slack, make sure to join it.
7. If you’re not a native English speaker, work on your English
Hey, if you’re reading this article in English, that’s probably not an issue for you. But many AppSec study materials are available in English only. Therefore, if your goal is to have a career in this area, investing in language learning can certainly make a difference.
If you’re self-taught, you’ll certainly be able to make good progress through free materials, language apps, and constant reading, but if learning other languages isn’t exactly your forte, be sure to invest in a good course – if it fits in your budget, of course.
After all, it is a skill that is not only a differential in AppSec, but that boosts the curriculum in any area, in addition to bringing benefits to personal and professional development, in general. It’s no exaggeration!
Was this content insightful?
Our YouTube channel is full of AppSec content aimed at developers. Subscribe to our channel so you don’t miss any tips!