Hi fishes,

Can anyone help me with some online resources for learning SAST, DAST and web pentesting? Any YouTube playlists or other resources or courses which could actually explain concepts practically?

TIA.


If you want to dive into web application testing, PortSwigger's Web Academy is by far the best resource. It's free. Both theoretical and practical. You get to practice what you learn by means of labs (ranging from beginner level to advanced).

Also, OWASP web application testing guide is another great resource in my opinion.


Thank you for the information!!

I am not sure about SAST, but for DAST the TryHackMe web app pentesting path is a good idea. On YouTube, the channels LiveOverflow, David Bombal and John Hammond are good resources. But you will have to filter relevant content as they make videos regarding multiple topics. Practice PortSwigger exercises and you can read the OWASP web testing guide 4.0 for test cases. This will be helpful for interviews in other companies later too. For SAST, first try to understand the defects like XSS etc. and then look at code snippets. Also reading the tool recommendation before looking at the code helps clear my mind. I think PentesterLab has code review related exercises. You can also try the XSS Rat bug bounty course for DAST/web app pentest.


Thank you for the info
