3. Where to start as a hacker with prior coding knowledge

Where to start as a hacker with prior coding knowledge

I'm the manager of application security and research at a mid-level software vendor with over 400 developers and testers and I want to recommend you ignore all of the more generic advice currently in this thread. As someone with coding experience and interest, you have a unique path to infosec that so many companies want, but find it extremely difficult to hire for.

Any company that ships software has to consider the security of their application - full stop. Most rely on scanners or annual third-party vulnerability assessments for this, but obviously that falls short. They need people who can build security in from an architectural standpoint. Someone who can actually implement the fixes suggested by the above methods, and ideally, someone who can help implement security as an integral part of the SDLC instead of as a bolt-on premise.

My recommendation is to make your way through 24 Deadly Sins of Software Security and The Web Application Hacker's Handbook. If you can understand the bulk of concepts in these two books, you'll be leagues ahead of almost any developer you find yourself up against in a hiring scenario. For the coup de gras, learn about threat modeling. It's a great way to teach other developers security and to build security into any system from design. Check out this book which is actually probably a little too comprehensive, use this card game from Microsoft (it seems silly, but I promise you it works), and watch this talk one of the guys on my team gave at BSides Cincinnati.

If you have any questions, PM me.

/r/hacking Thread
Previous
Next

Recently removed from /r/hacking

What is this on my cellphone? When I searched for it, it came up as a remote monitoring hacking interface, and I suspect that my work may be monitoring my cellphone. I think now, I actually have proof: Can the origin of this be detected? I am referring to the "com.drogecomputing.pro" Can someone answer the following? Is possible that I can get hacked this way? What does the padlock mean on the top left of my address bar? Is that the same as buying a proxy VPN? Bypassing BIOS passwords Find someone from California. A friend says he's been hacked I built Pass | Guess, the Ultimate password vulnerability demo How could one find out more about a phone number? Are there any specific examples of a hacker being forced/compelled by their government to attack another country or business? Certified Ethical Hacking for Pentesting Apple offers $1.5 million reward for anyone who can hack their new iPhone I just found out a website is storing my password in plaintext, what should I do? The NSA says it's time to drop its massive phone-surveillance program NSA Releases GHIDRA 9.0 — Free, Powerful Reverse Engineering Tool – PentestTools

More Random Comments

M1 v M2 Mac Mini In your opinion, (context in comments) are strip clubs sexual? How can we decrease the rate of homelessness? HS should show which multiplier you have right now. (End of season rewards) FairTax, the GOP plan for a 30 percent national sales tax, explained Being in a relationship for someone (post high-school) for more than 1 year with no marriage proposal should be the end of that relationship. I’m really lonely What are some stuff that you learned in school at the time, but has changed since then? How can 21,000,000 BTC be enough for Earth? Buy Vyvanse online.Buy Escitalopram online.Buy Dilaudid Online.Buy percodan online.Buy hydrocodone online.Buy Vyvanse online.Buy methadone online.Buy morphine online.Buy Ritalin online.Buy Focalin online.buy Ambien online.Buy Seroquel online.Buy Xanax online.Buy Gabapentin online. Buy Soma online Is it true to avoid coasting in neutral as much as possible? Second generation immigrants in interracial relationships how did your parents handle you telling them about your SO? EXACTLY how to do a thorough search through cheaters phone? Can A Man Of God Mess With Women? being a poor teen