Full-Stack Developer Seeks Advice on Transitioning to AppSec

The post is from a senior full-stack developer (5 years of experience in JS/TS, Node, React, PgSQL, and AI) seeking to transition into offensive AppSec/vulnerability analysis. Their roadmap includes mastering OWASP Top 10/API Top 10, learning Burp Suite Pro, pursuing OSCP certification, starting bug bounty hunting, and reading The Web Application Hacker’s Handbook and Real-World Bug Hunting. They ask whether OSCP is overkill for AppSec and if their plan is sufficient or missing key elements.