Getting started in web application security

Dear All,

If you are new in the field of web application security, then here are some of the resources that can help you get started.

BOOKS

The web application hackers handbook - Stuttard & Pinto --> the best resource to start from basics.

ONLINE RESOURCE

Start with the basics, Learn from MDN docs, visit the site - https://developer.mozilla.org/en-US/

and read from the resources section. A lot of foundational stuff is there.

 

The OWASP foundation's OWASP top 10 - https://owasp.org/www-project-top-ten/

The foundation of all the web application testing that you will be doing.

 

Practical hands-on learining

• Signup to Portswigger web security academy - https://portswigger.net/web-security. Access the free labs, read, understand the vulnerability and practice online. It is important that you read the supplementary articles provided with the exercises to get a better understanding on the issue.
• Visit: tryhackme.com and access multiple cloud labs for free.

TOOLS

List is long, depending on your objectives, the most basic ones will be  - BurpSuite community edition, OWASP ZAP, Browser - Yes, learn to utilize the features of your web browser it will be helpful.

for specific use case on other tools, you can open a thread and ask, but the above tools will help you start your journey to web app security.

 

VIDEOS

There are multiple channels on youtube that teaches about the web application security, you can search on your own and try to understand the web security vulnerabilities from multiple sources and expand your knowledge.

 

Web Articles

you can use Reddit and its sub topic r/netsec

if you use telegram - t.me/RNetsec

 

do drop a message if you need more information.

Remember - Persistence is the key.

Best of luck to all.

Regards,

EvolutionSec.