How to Become an Application Security Engineer

  • Performing code reviews to find and mitigate vulnerabilities within applications or source code.
  • Working alongside application developers to provide guidance on how to fix vulnerabilities within their applications.
  • Scheduling scoping calls for penetration tests (if you don’t perform the penetration testing yourself).
  • Remediating any vulnerabilities found during the penetration test.
  • Configuring and/or making changes to a web application firewall (WAF), which includes whitelisting and blacklisting IPs, responding to security incidents, etc.
  • Managing your company’s bug bounty program (if it has one). I mention this because I’ve seen it on job descriptions before, but I’ve never had any experience with this, so I couldn’t tell you what it entails.

  • Understanding and memorizing the OWASP Top 10 (just kidding, you don’t have to memorize it, but you do need to have a good understanding of it. This means understanding common vulnerabilities such as XSS, SQL injection, etc. and how to mitigate them).
  • Understanding how to read and write code (sorry). Some great languages to learn include HTML, CSS and JavaScript. Some optional languages to learn are Java, C++ and Python.
  • The ability to communicate effectively with development teams.
  • Familiarity with CI/CD pipelines (you probably don’t know what this means, so I’ll explain it). It’s basically the process of automating the building, testing and deployment of applications.
  • Familiarity with vulnerability scanning tools such as SonarQube, Veracode, Checkmarx, etc.

  • PortSwigger Academy (teaches almost every vulnerability you can think of and how to exploit it)
  • PentesterLab (great for learning the basics and how to perform code reviews)
  • Codecademy (a great place to learn any programming language)
  • Kontra (another great resource for learning how to secure code)
  • The Web Application Hacker’s Handbook (you can find this book on Amazon and it covers so much)
  • Alice and Bob Learn Application Security by Tanya Janca (this book is great, and I think that she also has a course on YouTube at SheHacksPurple if you don’t want to read the book)
  • TryHackMe (has a web fundamentals path which is pretty good)
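As an added example (not part of the original post), here is a minimal Python AST check of the kind that scanning tools such as those listed above automate and that could run as a CI/CD step: it flags SQL queries assembled with string formatting, the classic SQL injection pattern a code review looks for. SAMPLE_SOURCE is constructed input; the function names are my own.

```python
"""Minimal SAST-style check for SQL built from string formatting (added example)."""
import ast

# Constructed sample: two unsafe patterns and one parameterized query.
SAMPLE_SOURCE = '''
def find_user(cur, name):
    cur.execute("SELECT * FROM users WHERE name = '%s'" % name)   # unsafe
    cur.execute(f"SELECT * FROM users WHERE name = '{name}'")     # unsafe
    cur.execute("SELECT * FROM users WHERE name = %s", (name,))   # parameterized
'''


def _dynamic_string_reason(node):
    """Return a reason string if the query text is assembled at runtime, else None."""
    if isinstance(node, ast.JoinedStr):
        return "f-string"
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Mod, ast.Add)):
        return "string formatting/concatenation"
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format"):
        return "str.format()"
    return None


def find_dynamic_sql(source):
    """Flag execute()/executemany() calls whose first argument is built dynamically.

    Returns a list of (line number, reason) pairs so a reviewer or a CI job can
    fail the build and point the developer at the offending line.
    """
    findings = []
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and node.func.attr in ("execute", "executemany") and node.args):
            reason = _dynamic_string_reason(node.args[0])
            if reason:
                findings.append((node.lineno, reason))
    return findings


if __name__ == "__main__":
    for lineno, reason in find_dynamic_sql(SAMPLE_SOURCE):
        print(f"line {lineno}: query built with {reason}; use a parameterized query")
```

The parameterized call on the last sample line passes because its query text is a plain constant and the user value travels separately as a parameter.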


Application Security Engineer | Penetration Tester

Nick Werner