Security Testing - Where on earth do you start?


I’ve been a tester for around 12 years now. I’ve got experience in API testing, UI Automation, Load Testing, Performance Testing etc. but I haven’t done any Security Testing.

I’ve bought a couple of books a while back, but I haven’t done a great deal with them.

  • Patrick Engebretson’s Basics of Hacking and Pen Testing
  • Occupy the Web’s Linux Basics for Hackers

I thought it’s about time to revisit and try to learn a little about Security Testing, but, and maybe it’s my age, the amount of information is overwhelming.

I don’t have a specific question, but more of a series of questions. Just starting with Penetration Testing, below are some general questions. Please feel free to answer as many (or few) as you wish. Just after some opinions and steer.

  • Training & Certification : Does anyone recommend any particular courses or certification?
  • Good websites : OWASP seems top of the pile, but again, it contains an incredible amount of information
  • Roadmap : Does any one have a general roadmap for getting started?
  • Kali : It’s covered a lot in one of the books above. What are your thoughts on it.

Beyond that, if you have any books, source material that you find indispensable, feel free to comment.


Maybe with Linux, and its terminal.

Have you heard of The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws, by Dafydd Stuttard and Marcus Pinto?

Follow Dan Billing and Santhosh Tuppad to start with. They might have a lot to share.


Very good question

The most important thing is to have fun, learning things goes twice as fast as long as you are having fun.

As you mentioned yourself, OWASP is a good site to get some starting information. Security evolves fast and there is a lot of information, that’s true. It can be overwhelming, but don’t get scared.

You can look into the OWASP Top 10 for API, Mobile and Web, and learn about what kind of vulnerabilities go around and what they are, so you can recognize them.

Roadmap? Euhm I don’t have a roadmap but that’s because security is sooo huge and I don’t know what you want to focus on. I only focus on Web & API security when I do bug bounty. I don’t do hardware or such. So it really depends on what your end goal is here…

If you want to learn security testing I would advise checking out some penetration testing labs and getting the hang of that. TryHackMe has some good boxes to hack, and so does HackTheBox, but I believe THM has some better guidance. There is also Juice Shop, which you can install locally and go nuts! :slight_smile:

You’re going to want to use Burp Suite for hacking, and they also have a lovely Academy:

Following security testers is “meh”, you’re going to want to follow Bug Bounty Hunters.
Bug bounty hunting = a platform which offers hackers money to find security holes legally.

Here you can legally search for security flaws at their clients:


  • Real World Bug Hunting: Real-World Bug Hunting | No Starch Press
    This is the most amazing book ever: real-life disclosed hacks through bug bounty. You’re going to want to read this, thank me later! :stuck_out_tongue: This is the hacker’s point of view on how they hacked a target.

Reading publicly disclosed reports is so mind-blowing, seeing how other people think; it will help you think out of the box.

Here’s HackerOne’s PD Twitter bot:


and so many more that I forgot… : /


Please don’t get CEH certified XD
It’s worthless, just like ISTQB. If you want to get some real certifications you need to focus on the hands-on exams like OSCP & OSWA, but these are hard AF :smiley: (exams usually take 48 hours).

Kali Linux is nice…very nice! :slight_smile: but not mandatory if you just want to learn the basics and play around with Burp Suite. Kali is just nice because (1) it’s Linux and (2) it comes with everything pre-installed.

I hope it already helps a little bit; if you have questions or if you want to have a chat, feel free to ask! :-)

Inspirational video:

  • How I became a HackerOne MVH without writing a single line of python (Motivational talk)
  • How to get started in Bug Bounty

I forked some nice projects/lists you might want to use:

PS: Welcome back! :smiley:


Thank you , I’ll have a look at that book.

Wow, just wow.

Thank you, that was just the sort of thing I was after. That gives me plenty to look into.

I really appreciate the time you’ve taken to list all this.


No worries! That’s why we are here to share knowledge! :slight_smile:
If you have any more detailed questions about a specific topic, shoot!



I forgot this one: The Advent of Cyber. It’s a very lovely challenge to do. There is always a brief explanation of what you are looking for and perfect guidance, and if it doesn’t work out, there is a video tutorial available.

Very much recommended!


I am currently on the same journey. At my company I have access to LinkedIn Learning, so I took lots of courses there. I would recommend starting with learning about common attacks and how they work at a theoretical level before diving into it. After several courses the OWASP pages suddenly make sense to me.

While I wouldn’t recommend taking the ISTQB course I think the syllabus was a good overview in under 100 pages: Security Tester - ISTQB® International Software Testing Qualifications Board