Web Application Penetration Testing 101

Vishnuv
Dec 8, 2022

Hi hackers, this is VISHNU. In this article, I will explain how I am l̶e̶a̶r̶n̶e̶d̶ learning web application penetration testing and the learning resources that I followed. If you are a beginner who wants to learn web penetration testing and got stuck in the learning process, I will explain the complete steps. So without wasting your time, let's dive into the article.

NB: This is my first article, and if any additional resources help in web application penetration testing, please feel free to comment below.

The first thing to keep in mind is that learning everything in a single day or within weeks is not possible. You will not learn everything after reading this article; you will only understand the way you can also learn web pentesting.

Basically, penetration testing is a continuous learning process with a good amount of practice. So we need to learn basic theory as well as practice.

Download Any Note-Taking Application

I am using the Notion application for note-taking. If you like this application, you can download it from here; otherwise, you can choose whatever you like.

Keep a note of whatever you learn…

Learn Basic Theory

The first thing to keep in mind is that we want to learn basic web application penetration testing, so obviously we need to learn how web applications work. To acquire basic knowledge of what a frontend, a backend, and databases are, click here.

After learning how web applications work, you can check what web application vulnerabilities are: click here.

Now you will have a basic understanding of how web applications work and their vulnerabilities.

Journey Begins Here…

Some people like to learn from videos and others learn from books. I combined both methods; let's see.

First, I watched some vulnerability videos from PwnFunction. Wait a minute: don't start finding vulnerabilities in any web application by seeing these videos.

After that, I went to the Hacksplaining website and did some lessons and some basic walkthroughs of vulnerabilities. Then I started reading a book called Bug Bounty Bootcamp. It covers common vulnerabilities, how to hunt them, and how to fix them. Now it's time to practice. Along with this book, you can watch this playlist by Rana Khalil. Then go to TryHackMe and do the OWASP Top 10 vulnerabilities, then start practicing labs in PortSwigger.

If you have any other resources, please feel free to comment below.

Thank ….✅
