I moved into security consultancy, first as an in-house penetration tester and code reviewer in online gambling, before moving into security consultancy and working on:
Threat modelling, architecture review
Automating security testing with new tools, scripts, etc.
Protik ICT Resource Center Workshops - 21 September
Haven't We Met Before? Using Recent Bug-Fixes to Find New Vulnerabilities.
For a large, robust codebase that has been subjected to regular scanning by commercial and/or open-source scanning tools, there can be difficulties in locating new bugs, particularly in a short time frame.
It's possible to find new vulnerabilities that are missed by traditional code scanning tools by looking at the format and structure of previously identified vulnerable code and using a suitable scanner (Weggli) to find repeated undiscovered instances of similar bugs.
This is particularly suitable for patterns that are spread across multiple lines and those that might be missed by standard scanners.
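To make the idea concrete, here is an added example (not from the talk, and not weggli itself): a simplified regex stand-in for the kind of multi-line query such a scanner expresses, hunting for unfixed variants of an already-patched bug. The C sample, the function names and the bug pattern (a `memcpy` into a fixed-size local array with no length check against `sizeof`) are all constructed assumptions.

```python
import re

# Constructed sample: parse_name carries the earlier fix, parse_tag is an unfixed variant.
SAMPLE_C = r'''
void parse_name(const char *src, size_t len) {
    char name[64];
    if (len > sizeof(name))
        return;
    memcpy(name, src, len);
}

void parse_tag(const char *src, size_t n) {
    char tag[32];
    log_debug("tag len %zu", n);
    memcpy(tag, src, n);
}

void copy_fixed(const char *src) {
    char id[16];
    memcpy(id, src, sizeof(id));
}
'''

# A top-level function: name, then the body up to the closing brace in column 0.
FUNC = re.compile(r'^\w[\w\s\*]*?\b(\w+)\s*\([^)]*\)\s*\{(.*?)^\}', re.M | re.S)
# A fixed-size local char array declaration.
DECL = re.compile(r'\bchar\s+(\w+)\s*\[\s*\w+\s*\]\s*;')

def find_variants(source):
    """Return (function, buffer, length) for each unchecked memcpy into a local array."""
    hits = []
    for func in FUNC.finditer(source):
        name, body = func.group(1), func.group(2)
        for decl in DECL.finditer(body):
            buf = re.escape(decl.group(1))
            call = re.compile(
                r'\bmemcpy\s*\(\s*' + buf + r'\s*,[^,]+,\s*([^;]+?)\s*\)\s*;')
            for m in call.finditer(body, decl.end()):
                length = m.group(1)
                if 'sizeof' in length:
                    continue  # length is derived from the buffer size
                guard = re.compile(  # the shape of the earlier fix: len <op> sizeof(buf)
                    r'\b' + re.escape(length) + r'\b\s*[<>]=?\s*sizeof\s*\(\s*' + buf + r'\s*\)')
                if not guard.search(body[decl.end():m.start()]):
                    hits.append((name, decl.group(1), length))
    return hits

if __name__ == "__main__":
    print(find_variants(SAMPLE_C))
```

The pattern spans the declaration, the missing guard and the call, which is why a single-line signature would not catch it; a real syntax-aware scanner replaces the regexes here.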