1

I'm having trouble finding literature and courses specifically applicable to my field ( as a software developer who works on mobile and web applications ). What term or title best describes the security field that encompasses mostly just the areas I'm interested in? (below). If there isn't a term for it I would accept a course that covers most of the areas highlighted. I'm not seeking to change career and become a security analyst, I just want to be able to understand what I'm doing. Right now I pretty much just blindly follow OWASP guidelines if an issue is raised.

Specifically I'm interested in the following topics

  • TLS/SSL - advanced details of the networking as well as the encryption
  • Hashes, salts and other forms of encryption ( sha256 etc )
  • Obfuscating source code and encrypting keys on devices.
  • Secure key storage - how to decrypt safely in a client
  • Authentication & Authorization ( including OAuth etc. )
  • Pen testing and decompiling code from the applications

I am specifically not interested in the following

  • HCI for security
  • Layering security, security management, security policies
  • Secure software development lifecycle ( I'm interested in the technical side of development, not the software lifecycle. My company has an SSDL in place )
  • Firewalls, ACLs, routers
  • network pen testing - port scanning etc.
  • physical security
LiamRyan
  • 111
  • 2

1 Answers1

2

The term you're looking for is Application Security

It's not a perfect fit for what you described though as it does include the idea of the lifecycle.

There's no one term that exactly describes what you do and don't like to do.

Maybe web application security could apply too. A lot of people want their applications evaluated in the context they will be used, which includes the lifecycle of the application and it's environment (network).

There's some companies that do dynamic software analysis or source code review.

Daisetsu
  • 5,110
  • 1
  • 14
  • 24