So happy that I’ve obtained a GIAC Certified Web Application Defender (GWEB) certification that demonstrates know-how on the subject of developing secure web apps!
Well, it was a rainy weekend with nothing better to do than study (hard, of course). I had 6 books with subjects ranging from input validation to authentication, architecture, tokens and many more. The course is very extensive, and although many of the topics were quite known to me, obtaining this certification really allowed me to better understand the dynamics of web apps with their vulnerabilities.
Why a GIAC certification
My current role at the company requires my full attention to build, test and optimize secure web apps which help in detecting different types of attacks and provide reports on that. Being cyber security oriented, it was only natural to choose GIAC because of their expertise and because they go beyond terminology with practical exercises and much more. There is a lot of information in their course which is useful these days, bearing in mind that attackers can be more and more creative with their tactics, hence you need to be prepared for any scenario.
What I expect in the future
Building secure apps requires commitment; it’s no hit-and-run scenario here. As technologies are constantly evolving, many vulnerabilities potentially pop up, requiring you to be up to date. Many of the risks cannot be 100% mitigated, but you can reach a comfortable score by employing several defenses.
In any case, I’m now more aware of the implications of releasing new functionalities which may contain vulnerable dependencies, and I’m more reserved when it comes to performing drastic code or architecture changes. And security is a big concern even for developers. Processes should be adapted by organizations to take cyber security threats into serious consideration, even if it takes more time to secure an endpoint, for instance.
An old saying says: better safe than sorry!