Welcome to Ask A Pentester, where you can get your security questions answered by members of the IT Security community!

Defensive Programming--Second Steps?

0 votes
My company is paying for me to get the GSSP-J certification as it aligns with where I see myself going in the long run.  (Just started my master's in CS.)

I'm already aware of the OWASP Top 10 and the SANS Top 25, and I wanted to know: after I learn mitigation techniques for those, would it be advisable to seek training in pentesting in order to deepen offensive knowledge, or should I look down a different path?

The implicit argument is of course, that I will learn better defense by learning better offense.

There is little chance I will be able to find work in the Red Team at work, but at least the company I'm in recognizes the value I'll have by learning defensive programming.  The core of my long-term plans is this:  I don't want to be a PenTester.  I want to be a developer.  Any advice on straddling that line would also be appreciated.
asked 1 year ago in Career, Certs, etc. by avgvstvs (30 points)

1 Answer

0 votes
Hi,

I would say... ABSOLUTELY. Although a good start, just the theory behind it is not enough.

By having compromised a system exploiting a programming error, your fingers will burn the moment you write a similar piece of code :)

This way you could not only reactively patch your code but also spot some possible weaknesses before the code goes to production.

It's always better to have been on both sides of the fence... but you know this already :)

Hope this helps and good luck with your CS study!
answered 1 year ago by m0n0sapiens pro pentester (830 points)
