Learn to Hack Web Apps

2022-04-24

So you want to learn to hack.

Want to participate in bug bounty?

No problem. Here's a roadmap to follow so you can learn web hacking.

Just remember:

Enduring growth cannot be achieved without a commitment to process

Learn to love the process of learning and bettering yourself. Take time to understand. This is a marathon, not a sprint.

Here's a roadmap:

Learn to code:

  • Learn Bash scripting & the command line
  • Learn HTML & JavaScript (MDN Docs / Codecademy / W3Schools)
  • Learn Python (or Golang, Java, C#, or another language).
  • Learn some basic SQL.

Learn networking:

Go through all of these: "Network Basics for Hackers"

  • Learn TCP/IP basics, Subnetting, Network Masks, DNS, HTTP, etc.

BORING? Maybe. But this knowledge is invaluable.

Download Burp Suite

  • Configure it with your browser.
  • Learn how to use the Proxy and the Repeater.
  • Look at real HTTP requests when you visit a site.

Build a web application:

Build a basic web application with HTML, JavaScript, Python (Flask), and SQL.

Google a tutorial. Implement functionality such as creating posts, login & logout, etc.

Do anything that helps you understand how these components work together.

To break, you must first understand.

Learn about Web Vulnerabilities:

I share hacking stories on Twitter, so you can learn.

Also, I send out a newsletter that will help you.

Try:

I recommend trying the Department of Defense's Vulnerability Disclosure Program.

Develop your technical skills by learning from others and by doing.

Outro:

You don't learn to cook in a day. It's a process.

You start with someone else's recipe.

Gradually, over time, you become proficient and are ready to make your own recipes.

This is a marathon, not a sprint. Learn to love the process of learning.

Good luck! Stay disciplined.