This is a list of resources that can be helpful to researchers that are just getting started, or those that want to improve some core aspects of their research and reporting. Please let us know if you have any suggestions for resources that we should add to this post!
Web Application: - OWASP Testing Project - WASC - How to Kick Start in Bug Bounty
Pentesting: - Red Team Field Manual - The Hacker Playbook
"@maK - Full of good tips and covers a lot more than just web-related security, so this recommendation is possibly aimed at those who are more advanced than beginner. Requires a programming background really."
The Grey Hat Hackers Handbook - 4th Edition is great and covers lots of things well.
Full of good tips and covers a lot more than just web-related security, so this recommendation is possibly aimed at those who are more advanced than beginner. Requires a programming background really.
Thanks, @maK! I've added it
A post was split to a new topic: Help with Setting up proxy
A post was split to a new topic: Help getting started
I created a free Burp Suite video tutorial. I think it is perfect for people starting web hacking, or just need a good intercepting proxy. You can find it here:
Is there any Free Books, or Free Tutorials for the new Ones Like me. To learn New Stuffs of Bug Crowd. Please share me some Links
Hi Mohammed - this page should be helpful to you:
Thanks for your Help Samhouston
Hey I'm new to basically everything when it comes to hacking.Is It possible to go from no computer experience to a professional hacker? Right now I'm studying python and I intend to get the books mentioned above. Thx for any help.
Yes it is, just don't get discouraged when you hit rough spots, like anything else set realistic goals for yourself. A good starting point is the OWASP Testing guide https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents and the OWASP Broken Web Apps virtual machine https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project
Hi Gerion, if possible please provide tutorials for thick client application security testing