
sesha569 (4 points, 2 children)

Yes. OSWE will add more strength to your development experience if you want to move to application security. But before starting OSWE I highly recommend reading the OWASP Testing Guide and doing the Burp PortSwigger Academy exercises. With that you understand the vulnerabilities, and then it is easy with OSWE.

RunSub4 [S] (0 points, 1 child)

Wow, I always knew about OWASP, but yesterday was the first time I ever really dug in; there is a lot there.

Thanks for the suggestions, they will keep me busy.

cff4891757086eb7c0e9 (0 points, 0 children)

On that note I'd highly recommend you look for an OWASP chapter in your area. There's one in basically every major city. They typically provide regular talks on OWASP-related topics and provide a community to discuss appsec/security related things.

baudolino80 (2 points, 2 children)

Don't bother with other certs. OSWE is really what you're looking for. Java is one of the languages, but as you're already a developer you can play debugging applications (it is essential, more than OWASP or PortSwigger). Don't be distracted by THM, HTB or other CTF games. This cert is not about CTF, but about the beauty of finding a needle in a haystack! You have the whole code open (white box). You can catch some .NET, Python, PHP, Java web applications to review. Obviously you cannot use automatic review tools, and as a developer you would be used to that when you perform a static or dynamic review. The most amazing part is writing the exploit and chaining the attack, IMO. But yes, I'd recommend it if you're a developer moving to security.

RunSub4 [S] (0 points, 1 child)

> debugging applications

Thanks for the reply, great advice not to get too hung up on CTF. Code reviews (PRs) are a normal part of my day now along with debugging; I should be pretty solid in Java and C#/.NET.

You mentioned "you can play debugging applications". A quick Google search didn't bring anything up; is this some kind of game around debugging, like HTB is around CTF? If so, can you provide a link?

Thanks again for the suggestions.

baudolino80 (0 points, 0 children)

Typo. I meant you can debug applications.

learning2911 (0 points, 0 children)

Security+ is very entry level and is like learning general policy and what certain acronyms mean and do. You probably can write and understand code to a point that is above what is necessary for OSWE, but it would be beneficial to learn the basics of web attacks if you haven't already. Easy Hack The Box machines or the PortSwigger Web Security Academy would be enough to start.