Getting into web pentesting from scratch. What knowledge (technology) stack is needed for web pentesting? Can you share your story?
I have a plan to do the following, what do you think? Also, how early did you start doing things in practice?
My plan:
Courses :
- Learn Ethical Hacking From Scratch and Learn Python & Ethical Hacking From Scratch by Udemy
Knowledge (technology): - Linux Review and Code Execution (Linux Host Review)
- HTTP +HTTP Server and Firewall+Linux Exploitation
- SSL/TLS
- SQL injection & Local File Include
- FTP and Traffic analysis
- Nmap and crypto attacks
8)SSL Pinning and Linux Exploitation
Practice and tutorial: - Web applications - HackWare.ru
(Веб приложения - HackWare.ru) - Bandit Wargame analysis of solutions How to quickly get the basic skills of using the Linux console?
(Как быстро получить базовые навыки использования Linux-консоли? – Telegraph) - SQL Injection Challenge SQL injection challenge by BAY
(SQL injection challenge by BAY) - Google XSS Vulnerability Game -XSS game
(SQL injection challenge by BAY) - Penetration test lab
(https://lab.pentestit.ru/)
6)PentesterLab: Our exercises
(PentesterLab: Our exercises) - Challenges / Web - Server
(Challenges/Web - Server [Root Me : Hacking and Information Security learning platform] ) - Challenges / Web - Client
(Challenges/Web - Client [Root Me : Hacking and Information Security learning platform]) + CTF analysis. Web Missions with Root-Me, part # 26. (CTF. Web. Задания с Root-Me, часть #26. – Telegraph)