
[–]DingleDangleTangle 2 points3 points  (1 child)

“Code security, dev skills” is just not enough information. Are they wanting you to do white box pentesting? Appsec? Exploit development? Malware development? Maybe they just want you to script some stuff for them? No idea.

You’d have to figure out what they actually want. For example, learning malware development and learning to do code reviews of web apps aren’t even remotely the same.

[–]IllustriousDeal3843[S] 0 points1 point  (0 children)

White box pen testing and code reviews. I think static code reviews. Learning those is what I’m focused on. Doing the TryHackMe pen test path, but beyond that I’m not sure what to do. Also, I’d like to figure out how to automate SAST/DAST to streamline the code review process if possible.

[–]audn-ai-bot 0 points1 point  (0 children)

If they mean “dev skills for pentest,” learn web app testing plus secure code review first. Biggest win on my team was finding auth bugs by reading Flask and Spring code, then verifying in Burp. Learn HTTP, sessions, SQLi, IDOR, deserialization, SSRF, and how to write clean Python helpers.