If you want to learn a little more about Greenland Sharks, I recommend the book "Shark Drunk": https://www.goodreads.com/cs/book/show/31348250-shark-drunk Really enjoyable easy read.
For some security specific checks, take a look at: 1. Mozilla Observatory https://observatory.mozilla.org 2. SSLLabs https://www.ssllabs.com/ssltest/ 3. Security Headers https://securityheaders.io/ For a comprehensive…
Regarding onsite/remote, I think it depends on what you choose to specialise in. Most of the web application assessments I conduct are remote but there is still demand for onsite work.
Daniel Miessler has a good general guide: https://danielmiessler.com/blog/build-successful-infosec-car... tptacek, who posts often on HN, also has some wise words:…
If you introduce a bug bounty too early, you will be paying out for vulnerabilities that could be caught or prevented in a much more cost effective manner (vulnerability assessments, penetration tests, developer…
Another good list that incorporates FuzzDB: https://github.com/danielmiessler/SecLists As other commenters noted, strings like DROP TABLES should be used with caution!
If you want to learn a little more about Greenland Sharks, I recommend the book "Shark Drunk": https://www.goodreads.com/cs/book/show/31348250-shark-drunk Really enjoyable easy read.
For some security specific checks, take a look at: 1. Mozilla Observatory https://observatory.mozilla.org 2. SSLLabs https://www.ssllabs.com/ssltest/ 3. Security Headers https://securityheaders.io/ For a comprehensive…
Regarding onsite/remote, I think it depends on what you choose to specialise in. Most of the web application assessments I conduct are remote but there is still demand for onsite work.
Daniel Miessler has a good general guide: https://danielmiessler.com/blog/build-successful-infosec-car... tptacek, who posts often on HN, also has some wise words:…
If you introduce a bug bounty too early, you will be paying out for vulnerabilities that could be caught or prevented in a much more cost effective manner (vulnerability assessments, penetration tests, developer…
Another good list that incorporates FuzzDB: https://github.com/danielmiessler/SecLists As other commenters noted, strings like DROP TABLES should be used with caution!