If you love cybersecurity and want to start web pentesting, you're in the right spot.
I'm excited to share a list of resources and platforms that helped me start and continue in my career.
You'll find guides, training platforms, and GitHub repositories here.
You can find the content of this article in video form on my YouTube channel.
The Open Web Application Security Project (OWASP)
The OWASP Project is a treasure trove for web application security. It's an open community with guides, tools, and resources to prevent web threats.
OWASP Top 10: This guide lists the most common and critical vulnerabilities you'll encounter on the web.
OWASP Web Security Testing Guide: A 465-page document covering various security testing techniques for web applications. It's essential for a deep understanding of web vulnerabilities.
PortSwigger
PortSwigger is known for the Burp Suite application, a key tool in web pentesting. They also offer many free resources for learning about web vulnerabilities.
HackTricks
HackTricks is a community wiki for cybersecurity tips and techniques. It has a special section on web vulnerabilities, with lots of details and tools for exploiting loopholes.
PayloadAllTheThings
PayloadAllTheThings is a GitHub repository with an impressive collection of payloads: snippets of code or commands you can inject to test and exploit vulnerabilities. It's a must-have for any pentester.
Bug Bounty write-ups
Bug Bounty write-ups are reports by hackers who found real flaws in web applications. They show you the techniques used and how to spot subtle vulnerabilities.
- https://pentester.land/writeups/
- https://hackerone.com/hacktivity/overview?queryString=disclosed%3Atrue&sortField=latest_disclosable_activity_at&sortDirection=DESC&pageIndex=0
Training platforms
HackTheBox
HackTheBox is a top training platform for pentesters. It offers virtual machines to compromise, with realistic scenarios covering various vulnerabilities. It's free with some limits, but a subscription is highly recommended.
TryHackMe
TryHackMe is a cybersecurity training platform accessible via a browser. It's suitable for all levels, from beginner to advanced professional. It offers practical guides and challenges to help you improve continuously.
Root Me
Root Me is another excellent platform offering challenges in different areas of cybersecurity, including web vulnerabilities. The challenges are varied and regularly updated, keeping you at the cutting edge of modern techniques.
VulnHub
VulnHub lets you download vulnerable virtual machines for local training. You can run them on environments like VirtualBox or VMware. They offer a high degree of realism and are perfect for advanced training.
Other resources
Discord Secureaks: Chat with other enthusiasts, share your discoveries, and get direct help on your cybersecurity projects.
Conclusion
This is a quick overview of the best resources for web pentesting training. The key is to stay curious, explore different paths, and practice regularly.
Stay tuned:
- https://secureaks.com
- https://www.linkedin.com/in/romain-garcia-pentest/
- https://discord.gg/wFCmtufVcG
Thank you for reading and enjoy your web pentest training!