As an experienced Tester, I have recently been endeavouring to grow my Penetration & Security Testing skills.
As with any new skill-set, the journey can get overwhelming very quickly because of the vast number of concepts, new terminologies, and the lack of dedicated mentorship and research sources.
Based on my learning and explorations over the past few months in the Pen Testing & Cyber Security realm, I am putting together a table of learning goals and resources that I hope will help Testers start out on their journey in Pen Testing.
This is by no stretch a replacement for real-world project experience or structured certification training like OSCP; it is rather aimed at full-time Test Professionals who, on the side, are interested in learning about security challenges & Pen Testing for Web, Network and Mobile apps.
| Learning goal/research topic | Resources |
|---|---|
| What are some of the most common security weaknesses out there? | OWASP Top 10 |
| How can you inspect HTTP requests/responses, view source code, manipulate cookies etc. using Chrome DevTools? | https://developers.google.com/web/tools/chrome-devtools |
| Why is Kali Linux so popular with Pen Testing practitioners? How can you install Kali Linux using VirtualBox? | https://www.kali.org/docs/introduction/what-is-kali-linux/<br>Set up your own instance of Kali Linux, and if you are new to Linux it is handy to go through this –> |
| Where can you find apps that are deliberately vulnerable? | The common Pen Testing approach for all the tool sets below is: you have a machine + OS (like Kali Linux) as your "attacker" machine, i.e. the machine from which you run the tools to find weaknesses in the "target" machine, or a machine hosting the vulnerable app. |
| How do you scan a web app for vulnerabilities? | Start with ZAP proxy – https://www.zaproxy.org/getting-started/<br>Application of ZAP proxy to detect common weaknesses in Web apps<br>Then explore Nessus – |
| What does everyone rave about Burp Suite? What capabilities does it provide to perform scanning and penetration attacks? | Starting with Burp Suite –><br>OWASP Top 10 detection using Burp Suite –> (this is quite intense, but well worth the learning) |
| What is network reconnaissance? Which is a beginner's tool to scan your network for gathering information? | Watch this series of excellent tutorials on Nmap from YouTuber HackerSploit |
| Are there any tools solely focussing on trying to exploit SQL databases? | Yes, SQLMap is one that is preinstalled on Kali Linux, which you can use to try to penetrate a vulnerable website |
| How do you get started with Android Pen Testing? | Understand Android architecture and how Android apps are built<br>Use one of the traffic sniffing tools (e.g. Burp Suite proxy) to intercept traffic from an Android app<br>This is intense again, but going through these tutorials really helped me get an understanding of common Android vulnerabilities and how to detect them |
| How do you reverse engineer APK files and study application code for static verification? | Apktool and jadx-gui are two reverse engineering tools that I used |
| Are there any "Security as a Service" type of scanners for apps? | I explored and played with 3:<br>– MobSF (https://github.com/MobSF/Mobile-Security-Framework-MobSF) – Python based, and you have to install it locally<br>– Ostorlab – a cloud-based service where you can upload your app and run vulnerability scans on it<br>– ImmuniWeb – another cloud-based service<br>Other tools that I have come across but have not used yet:<br>– Infection Monkey – simulates breaches & attacks on your network |
| Going deeper into Mobile Application Security | This book by the OWASP team is excellent and has great hands-on material |
| Self-training and hacking practice platforms | I have primarily used TryHackMe and their paid service, and found it well worth the $10 per month that they charge<br>There is another one I have come across but not used yet – https://www.hackthebox.eu/ |