Beginner Guide | How to start Vulnerability Assessment and Penetration Testing (VAPT), Bug Bounty.

Harshit Sengar
Published in Hackcura, Jan 16, 2020

Hi all, I am a cyber security enthusiast.

I had been thinking about starting write-ups, and now I am writing my first one. I am very excited to share my knowledge and help the community.

In this write-up, you will get to know how I gather resources and methodologies and learn new things.

  • First, you have to understand how applications work and communicate, and have a basic idea of networking and the internet.
  • You should learn some programming and scripting languages such as HTML, CSS, JS, PHP, Bash, Python, Java, etc.
  • Then start reading the OWASP Testing Guide v4, Web Hacking 101, the OWASP Top 10, Real-World Bug Hunting, vulnerability blogs on #PortSwigger, #Intigriti, #Detectify, #HackingArticles and other platforms, and vulnerability reports on #Hackerone, #Pentester.land and other platforms.
  • Then start practicing with #DVWA, #Hacker101 CTF, #Web Security Academy, #OWASP Juice Shop, and other vulnerable labs.
  • Then start playing some past #CTFs such as #picoCTF, #Google CTF, and many more, and also play some ongoing #CTFs on #CTFTime.
  • Make an account on #Hackthebox and start practicing on vulnerable machines. You can also get some vulnerable machines from #Vulnhub.
  • Then start watching YouTube channels such as #Nahamsec, #Stok Fredrik, #TheCyberMentor, #Zseano, #Jhaddix, #InsiderPhD, #HackerSploit, #LiveOverflow, #John Hammond and many more.
  • Then start learning from PentesterLab. PentesterLab has awesome resources and content. You can learn practical exploitation here. I personally suggest you learn from #PentesterLab.
  • I will also suggest a Udemy course: Practical Ethical Hacking - The Complete Course by Heath Adams.
  • Start following top #Hackers on Twitter.
  • Join some Discord channels like #bugcrowd, #hackerone, #hackthebox, etc., where you can get resources and connect with the community.
  • You can also get resources from GitHub related to VAPT tools, exploit scripts and others.

All of the above will make you confident in #VAPT and #BugBounty.

Follow me on Twitter.

Thanks guys.😊

Harshit Sengar
Hackcura

Synack Red Team Member | Cyber Security Enthusiast | Information Security Engineer | Penetration Tester