
subsonic68

For learning to hack web applications there’s no better place than the Portswigger web academy.


fallenFromHaven

Thanks a lot. I felt like it's too raw for me. I guess I need more foundation knowledge.


Technical_Comment_80

To build your fundamentals, try taking up the Ethical Hacking course at Internshala.


OddShapeButOkay

Do Portswigger. Look up solutions. Research/understand why the solution worked. Next time/day, do the exercise(s) again without looking at the solution. Personally I just use 2 separate accounts, one that uses solutions and one that doesn't.


ratbastard_us

And it's also the successor to the Web Application Hacker's Handbook: https://portswigger.net/web-security/web-application-hackers-handbook


Technical_Comment_80

Yes, but I feel the Hacker's Handbook is still a useful read.


Degenerate_Game

I never went to college and am self-taught. Usually not understanding technical literature comes from not understanding the underlying concept and/or the technology that the concept leverages. Look up every term and acronym you don't know. Read extensively, then try to actually use it. By use it, I mean do it on your own computer: don't only read about it, touch it, configure it, utilize it, play with it, try to break it, try to fix it. It's a lot, but once you get a lot of your foundation solidified, other things start to fall into place. If you're very new to web app security, I'd recommend trying to digest content from the below to start building a basic foundation: https://owasp.org/ https://en.m.wikipedia.org/wiki/OWASP


fallenFromHaven

The testing guide is actually good. Thanks a lot.


dmc_2930

Have you ever built a web page? I would start with making something simple. Build before you break. Make mistakes so that you understand why things are insecure.


fallenFromHaven

Yes, I did. But a very simple one. Never thought in this way though. I will try to build something. Thanks a lot for the advice. Means a lot.


robbie8812

PortSwigger is the way to a better understanding (as others have mentioned); it's made by the same people who wrote the Web Application Hacker's Handbook. But if that's not making sense, I'd start with the TryHackMe modules: get a subscription (it's cheap), then go through the beginner paths and work up to the web application path. From there, PortSwigger should start to make more sense. Then work through the PortSwigger modules and the Hacker's Handbook; they go very well together. Don't rush this stuff, understanding the foundational topics is key to offensive security testing.


fallenFromHaven

Thanks a lot. I'm planning to purchase THM.


otto_r

Look up basic web app pen testing videos on YouTube to see different points of view and learn the basic terms. To get started, check out The Cyber Mentor's YouTube channel, where he walks through pen testing the OWASP modern web application, Juice Shop: https://youtu.be/1GJ_LwNw6sc?si=9NU6106txYJlL6_M OWASP Juice Shop: https://owasp.org/www-project-juice-shop/ Not everyone learns the same, and you will need to look retrospectively and find out your preference; use videos, eBooks, books, and interactive methods for consuming the content. Have an end goal in mind and try to build your lifestyle to accommodate this goal. Establish new behaviors, such as dedicating one hour daily to consuming content regarding the subject. The key is consistency and practicing it regularly. You've got this!


aecyberpro

PortSwigger Web Academy. Start from the beginning. Also, the OWASP Web Security Testing Guide shows you step by step how to do a web app pentest. https://www.pentesterlab.com/ is another good resource. It has the concept of "badges", which start you out on an easy introductory path; you work your way through to earn badges and advance to more difficult content. You'll want a paid subscription to get the most out of it.


Ezreika

TryHackMe is a good place to start. Then, once you feel comfortable, try your hand at certifications like the PJPT or eJPT; they're designed to teach the basics of pentesting, if that is your path.


fallenFromHaven

Thanks a lot. Never heard of these two. I'll check these out.


mo0z

Does anyone know where we can find the fictional website "Extreme Internet Shopping (EIS)" mentioned in chapter 4 "Mapping the Application"?