Appsec · AppSec Journey

Pentest Notes 03 Mar 2026

My CSSLP Study Approach — resources, experience, and things I wish I knew sooner

Let me be upfront: I haven’t taken the CSSLP exam yet.

This post isn’t a “how I passed” story — it’s about how I’m currently studying, the resources I’ve found (and created myself), and why I think this certification is worth pursuing if you’re heading toward AppSec or DevSecOps.

I’m writing this because when I first started looking into CSSLP, Vietnamese-language resources were almost nonexistent. I hope this post helps someone who’s at the same starting point as me.

csslpappsecisc2

Read →

Pentest Notes 26 Feb 2026

Starting the AppSec Journey: Why I Created This Blog

Why AppSec?

Web pentesting isn’t just about finding bugs and writing reports — it’s a process of deeply understanding how systems work, how developers think, and discovering the cracks that builders can’t see.

But after spending time doing pentests, I realized: finding bugs is only half the story. The other half is making sure those bugs never come back — and that’s why Application Security exists.

The 5-Phase Roadmap

I’m following a structured roadmap, from mastering hands-on pentesting to building a comprehensive security program:

appsecroadmapowasp

Read →