I am going to be taking on some more responsibilities within my org. To make myself more marketable, I will be learning more about our AppSec practices as well as overall security practices in our SaaS environment. Any tips on what to start focusing on? As there will be a knowledge dump, I was thinking about some certifications? Looking for some places to start. The reason I'm doing this is to help speed up our response times to RFPs and security assessments.
Company I work for has tons of info if you're just looking for a brain dump. Veracode.com/security. Start with XSS and SQL injection content there.
AppSec is very oriented towards OWASP essentially. Learn Burp Suite and OWASP. Considering you might have access to source code it can be easier to find weak points, say, non-escaped entry fields in forms/back ends for XSS. Start with OWASP and Burp.
Yeah. Get really, really, really familiar with the OWASP Top 10 and think about where instances of those vulnerabilities might occur in your app(s).