I'm a web developer with about 7 years experience, but for the last 12 months I've been getting into cyber security so I've started implementing secure code practices and OWASP good practices at work. I've been preparing to do my OSCP an I've done a few CTFs because pentesting seems really interesting although I think application security is more me.
I've noticed app sec guys dont have/require large collections of certifications like pentesters do.
1) apart from reading web app hackers handbook, implementating OWASP secure methodologies and doing CTFs, how else can I get into application security without purchasing pwk course (OSCP)?
2) Is it worth taking OSCP to become an application security specialist or any other cert?
3) What's the big difference in terms of daily job tasks between network penetration testing and web application security?