HackerTrans
TopNewTrendsCommentsPastAskShowJobs

alp1n3_eth

no profile record

comments

alp1n3_eth
·last year·discuss
You're a frontend web developer, so I'm assuming you're going to want to work in the areas of either:

1) application security engineering 2) application penetration testing 3) devsecops 4) vulnerability management

It really is a big difference from each person on how they "break into" it. You've got great foundational qualifications, and probably just need to layer on extra "security" ones, if you don't already have them. If you're looking to start a company / start freelancing -- I've got no clue about that though.

If you're just dipping your toes further into the web app security side, OWASP has great labs, resources, etc. They have the WSTG (more for pentesters) and ASVS (more for devs), and of course their cheat sheets as well.

PortSwigger has great resources to read through on vulnerabilities and labs that will cover a ton of different vulnerabilities. HackTheBox also offers certification pathways: CBBH and CWEE, CBBH is more beginner/intermediate and involves a blackbox approach, where CWEE is more whitebox (from what it looks like).

Just because systems have gaps, doesn't mean the orgs actually want help with those gaps, esp. unsolicited. You could always take a look at bug bounty as well (through HackerOne or BugCrowd), but it can be pretty brutal for a beginner as it can involve a ton of recon or "going deep" to reach untouched areas of an app.
alp1n3_eth
·last year·discuss
I'm glad I was introduced to NeoVim, because it led me to using Vim bindings in Zed.

As a new user to NeoVim, I was okay with investing some time, but man it feels like each update to NeoVim itself, or even the popular plugins, breaks something that I then need to go hunt down and fix. Every answer online isn't any better, pointing to 5 different doc pages. I like my IDEs to "just work" and continue to do so after I have them configured.