Beginner Guide | How to start Vulnerability Assessment and Penetration Testing (VAPT), Bug Bounty.
Hi all, I am a cyber security enthusiast, security analyst and a member of Hackcura.
I was thinking of starting write-ups, and now I am writing my first one. I am very excited to share my knowledge and help the community.
In this write-up, you will get to know my ways of gathering resources and methodologies and learning new things.
- First, you have to know how applications work and communicate, and have a basic idea of networking and the internet.
- You should learn some programming and scripting languages such as HTML, CSS, JS, PHP, Bash, Python, Java, etc.
- Then start reading the OWASP Testing Guide v4, Web Hacking 101, the OWASP Top 10, Real World Bug Hunting, vulnerability blogs on #PortSwigger, #Intigriti, #Detectify, #HackingArticles and other platforms, and vulnerability reports on #Hackerone, #Pentester.land and other platforms.
- Then start practicing with #DVWA, #Hacker101 CTF, #Web Security Academy, #OWASP Juice Shop, and other vulnerable labs.
- Then start playing some past #CTFs such as #picoCTF, #Google CTF, and many more, and also play some ongoing #CTFs on #CTFTime.
- Make an account on #Hackthebox and start playing with vulnerable machines. You can also get some vulnerable machines from #Vulnhub.
- Then start watching YouTube channels such as #Nahamsec, #Stok Fredrik, #TheCyberMentor, #Zseano, #Jhaddix, #InsiderPhD, #HackerSploit, #LiveOverflow, #John Hammond and many more.
- Then start learning from PentesterLab. PentesterLab has awesome resources and content. You can learn practical exploitation here. I personally suggest learning from #PentesterLab.
- I also suggest a Udemy course: Practical Ethical Hacking - The Complete Course by Heath Adams.
- Start following top #Hackers on Twitter.
- Join some Discord channels like #bugcrowd, #hackerone, #hackthebox, etc., where you can get resources and connect with the community.
- You can also get resources from GitHub related to VAPT tools, exploit scripts and other material.
All of the above will make you confident in #VAPT and #BugBounty.
I will publish write-ups related to #CTFs, #VAPT (web, mobile, API, network, thick client, IoT and cloud), and #Methodologies about Recon and Finding Bugs.
So stay tuned.
Follow me on Twitter.