As an experienced Tester, I have recently been endeavouring to grow my Penetration & Security Testing skills.
As with any new skill set, the journey can get overwhelming very quickly because of the vast number of concepts, the new terminology, and the lack of dedicated mentorship and research sources.
Based on my learning and explorations over the past few months in the Pen Testing & Cyber Security realm, I am putting together a table of learning goals and resources that I hope will help Testers start out on their journey in Pen Testing.
This is by no stretch a replacement for real-world project experience or structured certification training like OSCP; it is rather aimed at full-time Test Professionals who, on the side, are interested in learning about security challenges & Pen Testing for Web, Network and Mobile apps.
| Learning goal / research topic | Resources |
| --- | --- |
| What are some of the most common security weaknesses out there? | OWASP Top 10: https://owasp.org/www-project-top-ten/ |
| How can you inspect HTTP requests/responses, view source code, manipulate cookies etc. using Chrome DevTools? | https://developers.google.com/web/tools/chrome-devtools |
| Why is Kali Linux so popular with Pen Testing practitioners? How can you install Kali Linux using VirtualBox? | https://www.kali.org/docs/introduction/what-is-kali-linux/ Set up your own instance of Kali Linux; if you are new to Linux, it is handy to go through this first: https://tryhackme.com/module/linux-fundamentals |
| Where can you find apps that are deliberately vulnerable? The common Pen Testing approach for all the tool sets below is: you have a machine + OS (like Kali Linux) as your "attacker" machine, i.e. the machine from which you run the tools to find weaknesses in the "target" machine, or a machine hosting the vulnerable app. | https://github.com/kaiiyer/awesome-vulnerable https://pentester.land/cheatsheets/2018/10/12/list-of-Intentionally-vulnerable-android-apps.html |
| How do you scan a web app for vulnerabilities? | Start with ZAP proxy: https://www.zaproxy.org/getting-started/ Applying ZAP proxy to detect common weaknesses in web apps: https://www.zaproxy.org/docs/guides/zapping-the-top-10/ Then explore Nessus: https://resources.infosecinstitute.com/topic/a-brief-introduction-to-the-nessus-vulnerability-scanner/ |
| Why does everyone rave about Burp Suite? What capabilities does it provide to perform scanning and penetration attacks? | Starting with Burp Suite: https://dev.to/leading-edje/getting-started-with-burp-suite-31hd#articles-list OWASP Top 10 detection using Burp Suite (quite intense, but well worth the learning): https://portswigger.net/support/using-burp-to-test-for-the-owasp-top-ten |
| What is network reconnaissance? Which beginner's tool can scan your network to gather information? | Watch this series of excellent Nmap tutorials from YouTuber HackerSploit: https://www.youtube.com/watch?v=5MTZdN9TEO4 |
| Are there any tools focused solely on exploiting SQL databases? | Yes, SQLMap is one that is preinstalled on Kali Linux, which you can use to try to penetrate a vulnerable website: https://www.kalitutorials.net/2014/03/hacking-website-with-sqlmap-in-kali.html |
| How do you get started with Android Pen testing? | Understand Android architecture and how Android apps are built: https://medium.com/mobile-penetration-testing/00-prepare-for-penetration-testing-cea4c3de1f05 Use one of the traffic-sniffing tools (e.g. Burp Suite proxy) to intercept traffic from an Android app: https://medium.com/androgoat/intercept-http-traffic-from-android-app-androgoat-6e3d4d14d352 This is intense again, but going through these tutorials really helped me get an understanding of common Android vulnerabilities and how to detect them: https://medium.com/mobile-penetration-testing/android-penetration-testing-courses-4effa36ac5ed |
| How do you reverse engineer APK files and study application code for static verification? | Apktool and JADX GUI are two reverse engineering tools that I used: https://ibotpeaches.github.io/Apktool/ https://ourcodeworld.com/articles/read/387/how-to-decompile-an-apk-or-dex-file-using-jadx-in-windows |
| Are there any "Security as a Service" type scanners for apps? | I explored and played with three: MobSF (Python based; you have to install it locally) https://github.com/MobSF/Mobile-Security-Framework-MobSF; Ostorlab, a cloud-based service where you can upload your app and run vulnerability scans on it https://www.ostorlab.co/; ImmuniWeb, another cloud-based service https://www.immuniweb.com/. Other tools that I have come across but have not used yet: Intruder.io; Infection Monkey, which simulates breaches and attacks on your network. |
| Going deeper into Mobile Application Security | This book by the OWASP team is excellent and has great hands-on material: https://owasp.org/www-project-mobile-security-testing-guide/ |
| Self-training and hacking practice platforms | I have primarily used TryHackMe and their paid service, and found it well worth the $10 per month that they charge: https://tryhackme.com/ There is another one I have come across but not used yet: https://www.hackthebox.eu/ |