19 lines (17 loc) · 676 Bytes

misc-notes.md

File metadata and controls

19 lines (17 loc) · 676 Bytes

Misc notes

  • Most commonly occurring classes of vulns are lack of security headers, XSS and SSRF.
    • Write a blog post outlining the new best practices for security headers.
  • I should focus on the Network+ cert next.
  • An application security program is composed of:
    1. Asset inventory.
    2. Education and awareness.
    3. Penetration testing and vulnerability assessments.
    4. DAST.
    5. SAST & SCA (Software composition analysis aka vulns in 3rd party libraries)
    6. WAF & RASP
    7. IAST
    8. Threat modeling.
    9. Centralized Vulnerability Management (?)
    10. Low level fuzzing
    11. Appsec pipeline
    12. Continuous / Real-time testing.
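
The first bullet names missing security headers as one of the most common findings. As an added example (not code from these notes), the script below audits one response's headers against common best-practice thresholds: HSTS of at least a year with subdomains, a CSP whose script sources allow neither `'unsafe-inline'` nor a bare `*`, `nosniff`, a restrictive `X-Frame-Options`, a safe `Referrer-Policy`, and removal of version-leaking or obsolete headers. The thresholds, the `audit_headers` function and both sample header sets are this example's own assumptions, constructed for illustration rather than captured from any real host.

```python
import re
from typing import Callable, Dict, List

# Added example: thresholds follow widely published guidance (e.g. the OWASP
# Secure Headers Project) and are assumptions of this example, not from the notes.
SAFE_REFERRER = {"no-referrer", "same-origin", "strict-origin",
                 "strict-origin-when-cross-origin"}


def _hsts_ok(value: str) -> bool:
    # A max-age of at least one year, covering subdomains, is the usual minimum.
    m = re.search(r"max-age=(\d+)", value, re.I)
    return bool(m) and int(m.group(1)) >= 31536000 and "includesubdomains" in value.lower()


def _csp_ok(value: str) -> bool:
    # Parse "directive src src; directive ..." and reject script sources that
    # would let injected markup execute (the XSS case the notes mention).
    directives: Dict[str, List[str]] = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    script = directives.get("script-src", directives.get("default-src"))
    return script is not None and "'unsafe-inline'" not in script and "*" not in script


# Required headers and the predicate that decides whether their value is acceptable.
REQUIRED: Dict[str, Callable[[str], bool]] = {
    "strict-transport-security": _hsts_ok,
    "content-security-policy": _csp_ok,
    "x-content-type-options": lambda v: v.strip().lower() == "nosniff",
    "x-frame-options": lambda v: v.strip().upper() in {"DENY", "SAMEORIGIN"},
    "referrer-policy": lambda v: v.strip().lower() in SAFE_REFERRER,
}

# Headers that only disclose implementation details; best practice is to drop them.
REMOVE = {"server", "x-powered-by", "x-aspnet-version"}


def audit_headers(headers: Dict[str, str]) -> Dict[str, List[str]]:
    """Return missing, weak (present but failing its check) and
    should-be-removed header names for one HTTP response."""
    h = {k.lower(): v for k, v in headers.items()}
    report: Dict[str, List[str]] = {"missing": [], "weak": [], "remove": []}
    for name, ok in REQUIRED.items():
        if name not in h:
            report["missing"].append(name)
        elif not ok(h[name]):
            report["weak"].append(name)
    report["remove"] = sorted(n for n in REMOVE if n in h)
    # X-XSS-Protection is obsolete; omit it or set it to 0 (CSP replaces it).
    if h.get("x-xss-protection", "0").strip() != "0":
        report["remove"].append("x-xss-protection")
    return report


# Constructed sample responses (not captured from any real host).
WEAK_RESPONSE = {
    "Server": "nginx/1.18.0",
    "X-Powered-By": "PHP/7.4",
    "X-XSS-Protection": "1; mode=block",
    "Strict-Transport-Security": "max-age=300",
    "Content-Security-Policy": "default-src 'self' 'unsafe-inline'",
    "X-Frame-Options": "ALLOW-FROM https://example.com",
}
HARDENED_RESPONSE = {
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'nonce-abc123'; frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}

if __name__ == "__main__":
    for label, resp in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_headers(resp))
```

Run it and the weak set reports two missing headers, three weak ones and three to remove, while the hardened set comes back clean; in practice the same function would be fed the headers of each response from a crawl or a CI smoke test so regressions surface before a pentest finds them.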