To kick things off, and to refresh some of the areas I studied at uni, I have been working my way through the CISSP study guide as well as learning Python and PowerShell.
One of the biggest issues is knowing where to start and what to focus on. As I already have a background in software testing, I think a logical place to begin is with Web Application Security Testing.
To give a good overview of web application security I will be working my way through the OWASP (Open Web Application Security Project) Top 10 list of vulnerabilities, which are:
- A1 Injection
- A2 Broken Authentication and Session Management
- A3 Cross-Site Scripting (XSS)
- A4 Insecure Direct Object References
- A5 Security Misconfiguration
- A6 Sensitive Data Exposure
- A7 Missing Function Level Access Control
- A8 Cross-Site Request Forgery (CSRF)
- A9 Using Components with Known Vulnerabilities
- A10 Unvalidated Redirects and Forwards