Security in the world

New professions

Penetration tester

This new profession became well established in the industry in the early 2000s. It involves manual and automated testing of web projects to find vulnerabilities and security flaws. Most often this is black-box testing, in which the researcher does not have the source code of the product.

Security Engineer & Architect

This is an integrated approach to security, in contrast to that of the Penetration tester. People in this profession draw up security plans, manage risks, and conduct code reviews to identify vulnerabilities. They work with the system administration and DevOps departments to achieve a high level of security for projects and companies.


Capture the Flag

Capture The Flag competition

Capture The Flag (CTF) is a new type of competitive olympiad in the field of information security. It is aimed not only at students but also at industry professionals, and it is not inferior to the ACM programming competitions.

All upcoming and past competitions, with write-ups of some tasks, are published on the CTFTime website. There are also many sites with online quests that are close to real cases, where you can practice:


A new type of business: security audit

A number of companies audit other sites to find vulnerabilities and make recommendations for fixing them. Their customers are mainly state structures and business companies that do not have a large staff of Penetration Testers and Security Engineers & Architects. Examples of such companies are:

Security Audit

Conferences

Security conferences have become as large-scale as software developer conferences. The most prominent of them are:


Bug bounty programs

Almost all major sites have bug bounty programs for finding vulnerabilities. These programs list the participating domains and applications, and they make significant monetary payments to anyone who finds a vulnerability. Many professional Penetration testers earn their income exclusively from these programs. The main sites for hosting bug bounty programs are:

Many major sites also host such programs on their own websites. These are:
