So you want to learn to hack.
Want to participate in bug bounty?
No problem. Here's a roadmap to follow so you can learn web hacking.
Enduring growth cannot be achieved without a commitment to process
Learn to love the process of learning and bettering yourself. Take time to understand. This is a marathon, not a sprint.
Here's a roadmap:
Learn to code:
- Learn Bash scripting & the command line
- Learn Python (or Golang, Java, C#, or another language).
- Learn some basic SQL.
Go through all of these: "Network Basics for Hackers"
- Learn TCP/IP basics, Subnetting, Network Masks, DNS, HTTP, etc.
BORING? Maybe. But, this knowledge is invaluable
Download Burp Suite
- Configure it with your browser.
- Learn how to use the Proxy and the Repeater.
- Look at real HTTP requests when you visit a site.
Build a web application:
Google a tutorial. Implement functionality such as creating posts, login & logout, etc.
Do anything that helps you understand how these components work together.
To break, you must first understand.
Learn about Web Vulnerabilities:
- Learn about the vulnerability types in the free Portswigger Academy
- Read through the OWASP Top 10
- Look through HackerOne's hacktivity page.
- Read "Web Hacking 101" by @yaworsk
- Read "Real-World Bug Hunting" by @yaworsk
- Go through the PortSwigger Web Academy.
- Go through the Hacker101 free course.
- Go through PentesterLab (paid)
- Learn about reconnaissance (Google dorks, subdomain enumeration, portscanning, directory brute-forcing)
I share hacking stories on Twitter, so you can learn.
Also, I send out a newsletter that will help you.
I recommend trying the Department of Defense's Vulnerability Disclosure Program.
Develop your technical skills by learning from others and by doing.
You don't learn to cook in a day. It's a process.
You start with someone else's recipe.
Gradually, over time, you become proficient and are ready to make your own recipes.
This is a marathon, not a sprint. Learn to love the process of learning.
Good luck! Stay disciplined.