[Techbrunch]

An example would be to be able to read source code in different languages (Java, PHP, JavaScript, C#) and be able to identify, chain vulnerabilities and write an exploit script to automate everything.

You can find the syllabus here: https://www.offensive-security.com/awae-oswe/

[tptacek]

You're suggesting you might consider getting OSWE in order to learn appsec?

[Techbrunch]

I would not recommend OSWE to learn appsec since it is teaching "Advanced Web Attacks" and assume that you know the basics.

Something that is really interesting I think is the whitebox approach that some people in infosec might be missing if they don't come from a developer background and never botherered looking at the code introducing the vulnerabilities.

If you want to learn appsec I recommend Web Security Academy: https://portswigger.net/web-security

[tptacek]

PortSwigger is great. Certifications, on the other hand, are not a good way to learn appsec.