OSWE trip

What is the OSWE

Inspection code audit, the exam is sent to you two website source code, through the audit of the source code to find getShell vulnerability chain, finally getShell can be. Detailed should not ask me, to information security has some understanding of the people should know.

Brief introduction

I do not have any basis of code audit, so I am not clear about many security problems arising from development, and I am not very clear about the familiarity of the developed code.

My technical stack is in some offensive defense and simple front-end exploit generation, I am not familiar with how to exploit the vulnerability generation.

Why OSWE

In terms of personal development

I want to switch to a career in code auditing, so this certification can serve as an opportunity to get started in that direction. I’ve been lost in a lot of directions before, but in the end I think security comes from development or operations mistakes, so security is all about development and operations. Whether it is the Internet of things or hardware development, wherever there is code, there may be security problems. At this time, the role of a code audit engineer comes into being.

From the point of view of pushing yourself

Don’t let yourself be lazy. Everyone is a lazy dog without a goal. So I hope I can accomplish my goal more every day.

What are the plans and arrangements?

I will go from zero to OSWE certificate in three months.

During the first month you will learn a lot about the basics of code auditing.