Web application security positions have many titles associated with them. Call it what you want, but the main objective of this position is to defend web applications and their digital assets from cyber-attacks.

You may be looking to upskill your current team or hire new talent to fill those skill gaps. Or maybe you’re looking to elevate your own skills and career. Whatever your goals, welcome to the IT Career Skills Series. In this 10-part series, we will break down the top skills for each role you need on your IT dream team.


What Does A Web Application Security Officer Do?

A web application security officer deals specifically with the security of websites, web applications and web services. They will know what vulnerabilities to look for in the development stack, application code, web network and database configurations. They constantly scan and test for vulnerabilities, knowing that the faster a breach is detected and contained, the less costly that breach will be for the company.

11 Essential Skills for a Web Application Security Officer

Security Knowledge

Here the web application security officer must be the subject matter expert with intimate understanding of common internet attacks (past and present) including various types of fraud and scams. The web application security officer must have a solid grasp of how the web works, understand various web application architecture components and how attackers exploit those components.

In addition, a deep understanding is required of the contemporary standards, practices, procedures and methods used to prevent flaws and weaknesses in the environment. Last but not least, the officer must stay current with breaches around the web, compliance mandates and laws, not only in the organization’s country but in any country in which the organization does business.

Security Policy Creation and Enforcement

The web application security officer is responsible for documentation and planning for all web security-related information, including incident response and recovery plans. Establishing and enforcing protocols, security measures and controls is also required in this position. Also required is constant surveillance and evaluation of current policies against new standards and laws, as well as against flaws identified internally or discovered externally by others throughout the industry.

Knowledge of Application Security Testing Tools

There are many Application Security Testing (AST) tools available in the industry. Their benefits include increased productivity and efficiency, repeatable and scalable tests, finding known vulnerabilities, issues, and weaknesses, and enabling users to triage and classify their findings. Deploying these tools takes time and expertise. The web application security officer must be familiar with the tools available, understand which tools will provide the most bang for their organization’s buck as well as how to incorporate those tools into the web application development lifecycle.

OWASP Global AppSec – DC 2019