I am new here
and I don’t have a background in this field
so to start, should I learn the basics of some languages first, such as HTML, CSS, JS, PHP, SQL
or can I get into it by just reading some books like “web app handbook” and trying to do CTFs
I would recommend you start with Web Hacking 101 by Peter, then do OWASP 10, and along with this practice what you learn on vulnerable labs like bWAPP, DVWA, etc., read H1 public disclosures, follow other peeps on Twitter, and read blogs and write-ups.
Learning programming or having a computer background is not necessary to get started, you just need to be curious and passionate about this field.
I just learned some basics of HTML
I am trying to do CTFs but it is difficult
I read some basics about networking
I have “web app handbook”
but I don’t have a roadmap
Check this thread out for resources and roadmap.
Last question, sorry
but I feel so confused
is it necessary to learn HTML CSS PHP SQL JS
or can I read the book?
Thank you so much
You can ask as many questions as you want, we are all here to help.
There is no need to burden yourself with programming yet. You don’t have a computer background, so first try to understand the basics of networking, how the internet works, how the web works, HTTP, servers, clients, etc. And spend most of your time learning about bugs and also practice what you learn on vulnerable labs. CTF (where you have to find a flag using tools) is good but it’s different from real-world applications. You can play the Hacker101 CTF as those are good and all those CTFs have web-based vulnerabilities.
And you can join Bugcrowd’s Discord channel to ask these types of questions with quick answers.
How do I join the Bugcrowd Discord channel?
I am new too but I like the idea of using new exploits on bug bounties. I have read that the public bug bounties have much of the low-hanging fruit taken. So, I read up on the top exploits of the year, such as the PortSwigger top 10 hacking techniques.
Hi, I am also a beginner to bug bounty, i.e. I just signed up. I am very enthusiastic about working around secure systems, but I would appreciate knowing where I should start from.
Yes, really interesting
Where you should start depends on where you’re at. If you’re completely new to hacking/programming/networking, I’d recommend starting with the third chapter of the Web Application Hacker’s Handbook. It covers a lot of the technologies you’ll see in the wild every day as a bug bounty hunter.
If you have experience with security, I’d recommend reading some (A LOT of) writeups and published reports. They’ll give you a good idea of what you should look for.