Application Security Overview

My name is Tanner Lueders and I have been working in the Software / Tech industry for about 10 years. During that time, I have been in roles such as Frontend Engineer, Backend Engineer, Senior Platform Engineer and, most recently, Senior DevOps Engineer. Through this experience, I have seen what it’s like to build web applications and architectures from all angles. It has exposed me to programming the client side, backend APIs and building out cloud networks and infrastructure. It has also made it apparent how lacking in security these apps and organizations really are. I won’t name names, but I’ve experienced organizations that didn’t have any security professionals on staff at all.

When looking at what could be a natural progression for me in my career, many options came up, but the most fitting seemed to be an “Application Security Engineer.” Through my experiences I have picked up and actually utilized a lot of the tools and techniques that Application Security Engineers utilize every single day.

I am sure there are many individuals who are in the same place as I am and are looking to make a transition, but when they look for articles or references on how to showcase their skills, there are not many blogs or articles that actually walk through what it looks like from a slightly zoomed-in level.

The goal of this project is to showcase my security experience through a series of blogs and write-ups as outlined:

  1. Overview (This article)
  2. Threat Modeling
  3. Building a Vulnerable Application
  4. Deploying a Vulnerable Application
  5. Pentesting the Vulnerable Application
  6. Implementing SAST and DAST
  7. Remediation of Vulnerabilities

I hope this provides some insight into my skill set while also providing value to individuals earlier on in their careers who may be looking to get into Application Security.