Starter pack on Penetration/Security Testing for newbies

As an experienced Tester, I have recently been endeavouring to grow my Penetration & Security Testing skills.

As with any new skill-set, the journey can get overwhelming very quickly because of the vast number of concepts, new terminologies, and the lack of dedicated mentorship and research sources.

Based on my learning and explorations over the past few months in the Pen Testing & Cyber Security realm, I am putting together a table of learning goals and resources that I hope will help Testers start out on their journey in Pen Testing.

This is by no stretch a replacement for real-world project experience or structured certification training like OSCP, but is rather aimed at full-time Test Professionals who, on the side, are interested in learning about security challenges & Pen Testing for Web, Network and Mobile apps.

Learning goal / research topic: What are some of the most common security weaknesses out there?
Resources: OWASP Top 10
https://owasp.org/www-project-top-ten/

Learning goal / research topic: How can you inspect HTTP requests/responses, view source code, manipulate cookies etc. using Chrome Dev Tools?
Resources:
https://developers.google.com/web/tools/chrome-devtools

Learning goal / research topic: Why is Kali Linux so popular with Pen Testing practitioners? How can you install Kali Linux using VirtualBox?
Resources:
https://www.kali.org/docs/introduction/what-is-kali-linux/
Set up your own instance of Kali Linux, and if you are new to Linux it is handy to go through this:
https://tryhackme.com/module/linux-fundamentals

Learning goal / research topic: Where can you find apps that are deliberately vulnerable?
Resources:
The common Pen Testing approach for all the tool sets below is: you have a machine + OS (like Kali Linux) to be your "attacker" machine, i.e. the machine from which you run the tools to find weaknesses in the "target" machine, or a machine hosting the vulnerable app.
https://github.com/kaiiyer/awesome-vulnerable
https://pentester.land/cheatsheets/2018/10/12/list-of-Intentionally-vulnerable-android-apps.html

Learning goal / research topic: How do you scan a web app for vulnerabilities?
Resources:
Start with ZAP proxy: https://www.zaproxy.org/getting-started/
Application of ZAP proxy to detect common weaknesses in web apps:
https://www.zaproxy.org/docs/guides/zapping-the-top-10/
Then explore Nessus:
https://resources.infosecinstitute.com/topic/a-brief-introduction-to-the-nessus-vulnerability-scanner/

Learning goal / research topic: What does everyone rave about in Burp Suite? What capabilities does it provide to perform scanning and penetration attacks?
Resources:
Starting with Burp Suite:
https://dev.to/leading-edje/getting-started-with-burp-suite-31hd#articles-list
OWASP Top 10 detection using Burp Suite (this is quite intense, but well worth the learning):
https://portswigger.net/support/using-burp-to-test-for-the-owasp-top-ten

Learning goal / research topic: What is network reconnaissance? Which is a beginner's tool to scan your network for gathering information?
Resources:
Watch this series of excellent tutorials on Nmap from YouTuber HackerSploit:
https://www.youtube.com/watch?v=5MTZdN9TEO4

Learning goal / research topic: Are there any tools solely focusing on trying to exploit SQL databases?
Resources:
Yes, SQLMap is one that is preinstalled on Kali Linux, which you can use to try and penetrate a vulnerable website:
https://www.kalitutorials.net/2014/03/hacking-website-with-sqlmap-in-kali.html

Learning goal / research topic: How to get started with Android Pen Testing? Understand the Android architecture and how Android apps are built.
Resources:
https://medium.com/mobile-penetration-testing/00-prepare-for-penetration-testing-cea4c3de1f05
Use one of the traffic sniffing tools (e.g. the Burp Suite proxy) to intercept traffic from an Android app:
https://medium.com/androgoat/intercept-http-traffic-from-android-app-androgoat-6e3d4d14d352
This is intense again, but going through these tutorials really helped me get an understanding of common Android vulnerabilities and how to detect them:
https://medium.com/mobile-penetration-testing/android-penetration-testing-courses-4effa36ac5ed

Learning goal / research topic: How do you reverse engineer APK files and study application code for static verification?
Resources:
Apktool and JADX GUI are two reverse engineering tools that I used:
https://ibotpeaches.github.io/Apktool/
https://ourcodeworld.com/articles/read/387/how-to-decompile-an-apk-or-dex-file-using-jadx-in-windows

Learning goal / research topic: Are there any "Security as a Service" type scanners for apps?
Resources:
I explored and played with 3:
MobSF (Python based; you have to install it locally): https://github.com/MobSF/Mobile-Security-Framework-MobSF
Ostorlab (a cloud-based service where you can upload your app and run vulnerability scans on it): https://www.ostorlab.co/
ImmuniWeb (another cloud-based service): https://www.immuniweb.com/
Other tools that I have come across but have not used yet:
Intruder.io
Infection Monkey (simulates breaches & attacks on your network)

Learning goal / research topic: Going deeper into Mobile Application Security
Resources:
This book by the OWASP team is excellent and has great hands-on material:
https://owasp.org/www-project-mobile-security-testing-guide/

Learning goal / research topic: Self-training and hacking practice platforms
Resources:
I have primarily used TryHackMe and their paid service, and found it well worth the $10 per month that they charge:
https://tryhackme.com/
There is another one I have come across but not used yet: https://www.hackthebox.eu/