DEV Community

How To Become A Web Security Researcher?

sinxloud on September 30, 2018

This post is part of an article originally published here. In essence, cybersecurity is all about discovering non-default uses of everyday techno...
 
sinxloud • Edited

I am simply suggesting that you must be aware... I don't think you have to go ahead and learn how to build things using a framework, but if you have to find bugs, you should be able to read through the code...

 
sinxloud

If it doesn't matter for web security then Web Application Security is a joke.

I encourage you to refer to this security report:

CRITICAL Account takeover via AngularJS template injection in connect.squareup.com

hackerone.com/reports/26700

$2000 bounty paid by Square...

 
sinxloud

OK...

Rhonin

It matters insofar as: at the end of the day you have to provide guidance to developers, who may or may not understand the security implications at a deep level. These developers are possibly using "common" frameworks and you need to know what these frameworks do and don't bring to the table. Some do common validation and output encoding, for example. Some use functions with cryptographic weaknesses, etc., etc., etc. You wouldn't be able to provide guidance to them if you don't understand the framework they are using (i.e. the way the language is implemented).

It's also important in pentesting because it allows you to target commonly used packages and implementations for research or to hit known vulnerabilities.

sinxloud

We are talking about security researchers. Read this article again.

Ethan

Your post helps me a lot! Thank you

sinxloud

I am glad it helped. :-)

 
sinxloud • Edited

Please suggest a weekly source for the best frameworks used.

 
sinxloud

Commonly used...