My learning path
Below is the list of resources I have developed and will personally use to expand my capabilities.
Reading list
- The web application hacker’s handbook: finding and exploiting security flaws, 2nd ed.
- Bug bounty bootcamp: the guide to finding and reporting web vulnerabilities.
- Web application security: Exploitation and countermeasures for modern web applications.
Course list
I’m actually not a big fan of courses, so on this occasion I will skip this type of learning entirely.
Labs list
- Web Security Academy by PortSwigger. The vulnerability documentation and vulnerability exploitation labs are simply fantastic. I think I will spend many, many hours inside the academy…
- PentesterLab. I will combine it with the PortSwigger academy; I will buy the pro subscription as it is inexpensive and the material looks interesting.
Other resources
I created a Twitter account, and I have followed some people with some recognition in this sector because I think the content they bring to the community is of great value.
I have also subscribed to YouTube channels such as @Nahamsec. I will take a look at their live streams, where they try to find bugs in bug bounty programs live, to get an idea of how they structure their work and proceed.
The idea I have in mind is to use this training process to discover the vulnerability I am most passionate about and master it to the point where I can start looking for it in bug bounty programs.
Finally, I would like to build my own methodology. Without abusing tools, I want to understand how things work and why.