Greetings and Welcome!!
This is my first blog post. I decided to start a blog because I am well aware of the challenges and problems a newcomer faces in the early phase of web security. Here, we are going to cover all these things one by one. This post is mostly aimed at people who are new to this domain and want to get started in web security.
We are going to discuss lots of interesting topics, but first let me ask you one basic question.
What is the importance of research in web security?
I will try to explain this on the basis of my own experience from the very first time I encountered this question.
I started my career two years ago as a security analyst. I started learning web security concepts with the help of this great book and a couple of test beds like bWAPP, DVWA and so on. These test beds helped me to practically learn and apply the required testing methodology. Now, here comes the best part. After moving on to bug bounty programs with the same set of skills, I found myself helpless. Why?
Because that basic set of skills needed to be extended with additional skills, tricks and out-of-the-box thinking, which I lacked. After that, I decided to work hard and get over this problem. I am not a big bug hunter, but I just want to share what I have learnt so far.
We all love web security because of these factors:
- Skill building
- Providing defense in depth security
- Bug bounties and acknowledgements (the best part)
The attack surface of web applications is getting more complicated. In the present era, a number of new attack vectors have arrived in the security world. Some are easy to exploit, some are difficult. Some are server side, some client side. But in the end, all of them are interesting.
In this post, we are going to discuss the different things we can do to effectively get started in web app security from the beginning and earn some good money and fame.
- Get your copy of The Web Application Hacker’s Handbook and start reading all the basic stuff about how the web works: what different services a basic web application can provide, what authentication, authorization and session management are, and what the expected behavior of an application is. This will give you the ability to map the application logic while crawling. This book also gives you an idea of Burp Suite, the most widely used intercepting proxy in web app pen-testing.
- Don’t keep testing dummy applications such as DVWA and bWAPP. Why? Because even when we are doing a challenging level, we all know exactly what we have to find, which means we are focused on one particular bug. I am not saying that there is no need for these dummy applications. Learn all the concepts and the basic test process with these applications, then move on to a more advanced vulnerable machine. I found Shepherd very effective for this purpose; you can download this vulnerable VM from here. This vulnerable VM is based on the concept of capture the flag, a.k.a. CTF, which forces you to think out of the box to bypass the implemented protections.
- Try to participate in CTFs. This will improve your problem-solving skills and you will become comfortable digging deeper for bugs.
- Don’t focus only on application-level security issues. Sometimes a simple full port scan with Nmap can give you juicy and useful information. Facebook’s Jenkins bug and Pornhub’s memcache issue are the classic examples.
- Read good blogs and resources. There are quite amazing people in the community who are doing a great job for others. Here, I don’t want to suggest particular names, but I learned so much from Peter Yaworski. He is a great guy and is doing an amazing job through his YouTube channel.
- Watch security presentations and webcasts, and listen to them carefully. Sometimes you can pick up good tricks and pro stuff from the discussion. I was listening to one of the interview sessions from Peter Yaworski’s web-hacking series and that is how I came to know about Gitrob, a strong reconnaissance tool for GitHub. This tool can help you find sensitive and valuable information in GitHub files.