The prospect of Web security engineers is still very good. The work of Web security engineer includes web security training, which is mainly aimed at the security training of developers and operation and maintenance personnel to enhance the awareness of security personnel; Emergency handling of security incidents, how to deal with security incidents when they occur, write a handling report after handling, find out the security problems, and then repair them.

New vulnerability attack and defense research, study some new security vulnerabilities, such as the recent vulnerability research of struts2, domain name hackers and so on. , and formulate corresponding protection scheme.

Open source/third-party component vulnerability tracking, tracking the third-party and open source components used by the company, and fixing vulnerabilities as soon as possible; It is not enough to promote the implementation of safety products only through technology. Sometimes, technology needs to be transformed into safety products to reduce people's workload.