When I started studying computer science, I was particularly interested in 2 fields: mobile app development and information security. Fast-forward 5 years, as of today I’m a software developer doing web and mobile apps, but I still got a strong interest toward security, especially application security. For the last few years, I tried to get into infosec more seriously, at least to make the apps I work on more secure. I began going to Hackfest, an awesome infosec conference in Quebec(Canada), and participating to the CTFs. I am definitely not at a level to compete against the other participants, but I have fun and I learn a lot. Every talk, I noted down book suggestions, twitter handles and blogs in the hope to consume the content and become as good as I could. Lately, I decided to get into bug bounty hunting and needed to sort out all the resources I gathered to focus on the most interesting ones. Here is what I came up with(I also intend to keep this post up-to-date when I find other nice content).
Attack Driven Development: Getting Started in Application Security
How to Shot Web: Web and mobile hacking (Bug Bounty Methodology v1)
Bug Bounty Methodology v2
Bug Bounty Methodology v3
These are some talks I really wanted to watch, but there are other Youtube channels I found interesting:
- Web Hacking 101
- The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws
- Breaking into Infosec
- Mastering Modern Web Penetration Testing
- Penetration Testing: A Hands-On Introduction to Hacking
- Metasploit: The Penetration Tester’s Guide
- PoC or GTFO
- Crypto 101(free)
The Open Web Application Security Project aims to improve software security by providing guidelines and learning resources.
Nothing beats practice when learning, so here are some resources offering online sandbox or downloadable virtual machines to sharpen your hacking skills. You should definitely start out with Hacksplaining, which will give you a basic understanding of different vulnerabilities, then go to other less directed ressources to practice further.
OWASP’s Interactive learning platform
More practice sites listing
Any comments? Hit me up @codingjames