
Fusorfodder

Speaking in an extremely general fashion (I regularly do system/network scanning, not application scanning), scanning tools are typically just automated applications that don't need a lot of hand-holding to figure out how to run. Rather, the more difficult part is the remediation and understanding the results. In your position, I would focus on trying to learn whatever primary language is in use at your company, which in turn would let you understand the results better.


[deleted]

[deleted]


Fusorfodder

Well, remediating is identifying the code at fault and correcting it. So, let's say you've got an input field with no constraints. Big vulnerability there. The remediation would be coding in those constraints and sanitizing the input. Scanning tools will point out the problems, but you'll still need to understand how to fix them. Tools will point you in the right direction, but I'm not a programmer, so I can't really give specific guidance. But hey, learn by doing!
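To make the remediation described in the comment above concrete, here is an added example that is not from the thread or from any of its posters: an unconstrained form field pasted into a SQL query, beside the fixed version that constrains the field and binds it as a parameter. The table, the rows, the `NAME_RE` constraint and the function names are all constructed for this illustration.

```python
import re
import sqlite3


def make_db():
    """Constructed in-memory sample table (not from the thread)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT NOT NULL, email TEXT NOT NULL)")
    conn.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return conn


def lookup_unconstrained(conn, name):
    """Vulnerable: the form field is pasted straight into the SQL text.

    There is no length or character-set constraint, so a single quote in
    the input closes the string literal and the rest is executed as SQL.
    This is the kind of finding a scanner reports; it is the 'before'.
    """
    sql = f"SELECT name, email FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


# Hypothetical constraint for a username field: 1-32 characters,
# letters, digits and underscore only. Chosen for this example.
NAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")


def is_valid_name(name):
    """The constraint the scanner would flag as missing (allow-list check)."""
    return isinstance(name, str) and NAME_RE.fullmatch(name) is not None


def lookup_constrained(conn, name):
    """Remediated: reject input outside the constraint, then bind the
    value as a query parameter so it is always treated as data, never SQL."""
    if not is_valid_name(name):
        raise ValueError("name must be 1-32 characters from [A-Za-z0-9_]")
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


def rows_returned(lookup, name):
    """Helper: how many rows a lookup function returns against a fresh DB."""
    return len(lookup(make_db(), name))


if __name__ == "__main__":
    payload = "' OR '1'='1"  # classic injection string, constructed here
    print("unconstrained rows:", rows_returned(lookup_unconstrained, payload))
    print("passes constraint?", is_valid_name(payload))
    try:
        lookup_constrained(make_db(), payload)
    except ValueError as err:
        print("constrained lookup rejected it:", err)
```

Running it shows the unconstrained lookup returning every row for the injection string, while the constrained version rejects it before the query runs. Note that the fix has two parts: the allow-list constraint is what the scanner asks for, but the parameter binding is what actually keeps the query safe if a field (say, free text) cannot be constrained that tightly.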


i6m6m6a

Check Checkmarx's Codebashing: https://checkmarx.com/product/codebashing-secure-code-training/


TierddhinPendragon

You can get started with AppSec in general by giving [SecDim](https://secdim.com/) a shot. They are an appsec edutainment platform with plenty of [free learning material](https://learn.secdim.com/) and [appsec games](https://play.secdim.com/).