Hi Paul! Unfortunately generating an exploit via QARK is not enough. I’m not a developer too so my strategy was to find some “code templates” on the Internet, for example an app to print the content of arbitrary file or a template of app to print a value retrieved by URI. Having 7 days is enough to find proper templates and mix them into working app ;)
Regarding your question what to do next, I would say a great completion of eMASPT in terms of Mobile Security would be OWASP MASVS and MSTG. Read it carefully, test it against some applications and start contributing! You can learn a lot by working with real specialists and I can guarantee you that people there are super open. I’m not active there, because I’m currently focused on different projects, but if you need any information about how to join them just let me know.
What is more, IMHO having a title of “top contributor” or “co-author” in projects like OWASP MSTG is much stronger entry in your CV then any other certificate.

Written by

Interested in pentesting and cloud security | OSCP | eMAPT | AWS SAA | AWS CSS

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store