Hi everyone, I am new to this community and I just need some help. I want to know which languages I should learn to get into Web Hacking and master it. If you want to tell me about anything else that would help me get more deeply into Web Penetration testing, then kindly tell me.
Right now I know the basics of HTML5, CSS3 and a little bit about JavaScript.
Thank you!
Hi Mayoub01 - it might be worthwhile to look into JSON to understand how that works.
You don’t need to know how to program per se, beyond scripting stuff in Burp Suite. It’s better to have an understanding of how things work, since you can use that knowledge to figure out how to break stuff.
Thank you, samhouston. It is really helpful.
I'm new too, but I think JS would be handy, and backend stuff too. I can't give advice since I'm new, and know a bit of Python, HTML5, CSS3 and very little JS. JS may be handy when snooping through JS files.
Jason Haddix did a kick-ass YouTube vid called bug bounty methodology, and part 2, and explains some great things.
Thank you for your reply.
Everything you can learn is good unless you want to focus on just one kind of vulnerability.
Learning to build web applications is useful, I think, because you get all the knowledge to understand what you are doing. However, almost all of the worst bugs I have heard of, and which were paid really well, are not technical.
IDOR and lack of CSRF protection are the most basic and simple things anyone can test, even my parents if they wanted to, but usually those are the worst bugs because you can really impact a company. Sometimes an RCE is not as critical as an IDOR.
Sadly I get bored easily with those kinds of bugs, but they are usually critical and well rewarded.
Good points. IDOR reference, OWASP Top 10 IDOR: https://www.owasp.org/index.php/Top_10_2013-A4-Insecure_Direct_Object_References
Also, "How a simple IDOR become a $4K User Impersonation vulnerability": https://shahmeeramir.com/how-a-simple-idor-become-a-4k-user-impersonation-vulnerability-705291b55c0d
Thank you for sharing that.
Thank you for your reply.