Four skills that will make you a better Web security professional

People who are at the top of their games such as Formula One engineers, neurosurgeons, stunt pilots and so on have one thing in common: they all have finely-tuned technical skills. This is not just specific knowledge of what they do but knowledge about many other subjects in support of what they do. Working in the fields of information security and software development/quality is no different. If you want to be at the top of your game when it comes to Web security, there are certain technical skills outside of Web security you must possess. Here are the ones I believe you need to succeed:

1. OSI model – merely a way to represent how a computer system works. If you can wrap your head around the OSI model and understand every layer involved it will help you tremendously. Seeing the big picture – not just the application layer – will not only help you find the vulnerabilities that matter and translate them into business risks in your unique environment but also allow you to talk when dealing with developers, project managers, executives, vendors and so on.
2. TCP/IP – building on the OSI model, the suite of protocols and network addressing schemes for connecting the world in which we live and do business today. Understanding the differences (continue reading...)