Beginner Guide | How to start Vulnerability Assessment and Penetration Testing (VAPT), Bug Bounty.

Harshit Sengar
Jan 16 · 2 min read

Hi all, I am a cyber security enthusiast, security analyst and a member of Hackcura.

I was thinking of starting write-ups, and now I am writing my first write-up. I am very excited to share my knowledge and help the community.

In this write-up, you will get to know my ways of gathering resources and methodologies and learning new things.

  • First, you have to understand how applications work and communicate, and have a basic idea of networking and the internet.
  • You should learn some programming and scripting languages such as HTML, CSS, JS, PHP, Bash, Python, Java, etc.
  • Then start reading the OWASP Testing Guide V4, Web Hacking 101, the OWASP Top 10, Real World Bug Hunting, vulnerability blogs on #PortSwigger, #Intigriti, #Detectify, #HackingArticles and other platforms, and vulnerability reports on #Hackerone and other platforms.
  • Then start practicing with #DVWA, #Hacker101 CTF, #Web Security Academy, #OWASP Juice Shop, and other vulnerable labs.
  • Then start playing some past #CTFs such as #picoCTF, #Google CTF, and many more, and also play some ongoing #CTFs on #CTFTime.
  • Make an account on #HackTheBox and start playing with vulnerable machines. You can also get some vulnerable machines from #Vulnhub.
  • Then start watching YouTube channels such as #Nahamsec, #Stok Fredrik, #TheCyberMentor, #Zseano, #Jhaddix, #InsiderPhD, #HackerSploit, #LiveOverflow, #John Hammond and many more.
  • Then start learning from PentesterLab. PentesterLab has awesome resources and content. You can learn practical exploitation here. I personally suggest you learn from #PentesterLab.
  • I will also suggest a Udemy course: Practical Ethical Hacking - The Complete Course by Heath Adams.
  • Start following top #Hackers on Twitter.
  • Join some Discord channels like #bugcrowd, #hackerone, #hackthebox, etc., where you can get resources and connect with the community.
  • You can also get resources from GitHub related to VAPT tools, exploitable scripts and others.

All the above ways will make you confident in #VAPT and #BugBounty.

I will publish write-ups related to #CTFs, #VAPT (web, mobile, API, network, thick client, IoT and cloud), and #Methodologies about Recon and Finding Bugs.

So stay tuned with me.

Follow me on Twitter.

Thanks guys.😊

