Hello! I am a amature coder that has recently gotten into security and ethical hacking. I know python and JavaScript and have researched the basics of networking and how websites work and am looking to do bug bounties. I just finished all the lessons in the OWASP Security Shepherd as well as watching all the vids in BCU and am looking for the next step towards web application hacking. I currently feel like I have a solid understanding of how BurpSuite works and about some common web vulnerabilities. I spent a few hours poking around one of bugcrowds programs but got overwhelmed by everything and was afraid I would mess something up. I have decided to to more training before actually applying the skill. Does anyone have a good suggestion for a CFT or other training exercises that would prepare me for web application hacking. Also, is there any programs available right now that would be a good entry point for me? Thanks!
I’d say look at googling Hack The Box for some easy to really hard boxes. Also try the machines over on VulnHub they can be challenging too. Good luck in your endeavours.
Start with vulnerable labs like bwapp,dvwa and play hacker101 ctf.
2 Likes
anyone else finding transitioning from a vulnerable box “test lab” to an actual site a difficult one?