I’m kinda new around here and want to know all I can about finding vulnerabilities in source code and apps, so I’d really appreciate it if you could give me some tips you think are essential for this. I know it’s not a specific topic, but I was thinking this could also help all the other new people in the job or teach everyone something they didn’t know.
Read the writeups repository, mainly all *.feature files, specifically inside the static detection section: https://gitlab.com/fluidattacks/writeups/tree/master/vbd
CWE, CAPEC could be a nice source of info.
Finally, all the security requirements are another source of inspiration: https://fluidattacks.com/web/rules/
Also for apps you can check OWASP top 10 security risks.
There you can check the most common vulnerabilities in apps; you can also search for those in code, or if you find a vulnerability in the app, I suggest you look at the code too.
With this you are going to start building your knowledge base.
@avid-joker did my reply or the one from @blue-snot clear your doubts? If the answer is yes, please mark the topic as solved and, if you want, give a like or feedback. If you have more questions about the topic, don’t hesitate to ask more.
Yeah, both answers were really helpful, thank you very much.