What to do after learning Basics of web application pentesting


#1

Well i have seen a lot of peoples asking questions how to get started in web appilication penetration testing. And if you will search these kind of articles on google you will find bunch of them. That’s good … But the problem starts here … We all know everyone suggests learn
-Web App Hackers Handbook
-OWASP TOP 10
-Some BAD web app
-Some Practices and etc etc

but that doesn’t make a super champ or Even you cannot participate in bug bounty programms ! I mean the experts atleast should talk about what to do after learning these basic stufffs


#2

true…all of these books won’t rly get you in the real world hunting


#3

true sir :smiley:
Reading Books and practicing without the help of an expert, you doesn’t make you a champ


#5

I’d focus on what you’re interested in and what you’d like to learn more about. I’d watch videos and presentations from researchers that you admire or think have done cool stuff. Learn their techniques and tactics.

Check out our videos from LevelUp last year. They have a TON of useful stuff:


#6

awesome ! Thanks !


#7

most of the hunter i know has followed these steps you have mentioned:
-web app hackers handbook also known as “web app hacking bible”
-owasp testing guide v4
-web hacking 101- how to make money hacking ethically
-Mastering Modern Web Penetration Testing

  • Breaking into Information Security: Learning the Ropes 101 by Andy Gill
    These books gave you huge amount of knowledge about bugs,how to find bugs,where to find bugs,tools and all others things that are enough for a newbie to start practicing his skills on vulnerable labs.
    apart from these you should read other hunters blogs,write ups,watch poc videos , conference videos. search for them on google and youtube. These books are not just for reading. For example if you’re reading about XSS and after getting good understanding of it practice your skills on vulnerable labs,read write-ups about Xss , watch Xss poc. tighten your grip on one vulnerability before going to next vulnerability. makes your own notes about bypassing different kinds of filters, encoding techniques and all.

If you have followed these steps properly then in my point of view you have enough knowledge for hunting bugs. i myself followed this flow and able to find some bugs in just some days.

Ignore my mistake as English is not my first language and stay motivated.
Good luck.