
Hussain


Learn WebSec with Sain: Introduction

Hello Learners, hope you are all doing fine. I'm starting this series, "Learn WebSec with Sain", in which we will discuss Web Application Security. Starting next week, we'll cover one of the most common vulnerabilities each week, both the theory and the practice: how real-world vulnerabilities (bugs) in web applications are exploited and how to prevent them. This will give you basic insight into each bug, from the identification phase through to the exploitation phase. The series is going to be beginner-friendly, but professionals can also take something away from it. Before we start, a big thanks to my friend Arz for helping me with this initiative, and to all the people along the way. So without further ado, let's start with the Introduction.

What is WebSec and what to do with that?

All applications, whether mobile, cloud, website, or desktop, must be protected to keep their data safe against malicious attacks as well as unintentional breaches and failures. Web application security is the collection of protocols and tools that work together to achieve this.
Finding, repairing, and removing vulnerabilities ensures that the functions exposed by the web application are secure.

What are the most common bugs found in 2022?

According to research on HackerOne's disclosed reports, these are the top 10 bugs commonly found in web applications:

  • Sensitive data exposure - Course Content
  • Cross-Site Scripting (XSS) - Course Content
  • Subdomain Takeover
  • Broken Access Control (including IDOR) - Course Content
  • Authentication Bypass
  • Cross-Site Request Forgery (CSRF) - Course Content
  • Open Redirect
  • Identification and Authentication Failures
  • SQL Injection - Course Content
  • Command Injection - Course Content

Can I have a career in WebSec?

Cybersecurity itself is a great career choice. According to the U.S. Bureau of Labor Statistics, "Employment of information security analysts is projected to grow 33 percent from 2020 to 2030, much faster than the average for all occupations." There are nearly 600,000 cybersecurity job openings across the United States, according to recent data from CyberSeek, and about 16,300 openings for information security analysts are projected each year, on average, over the decade. So, are you ready to challenge yourself in the world of cybersecurity? Now is the time to take the leap!

In WebSec, once you have a clear grasp of the concepts and have dived deep into them, you can also start working on bug bounty programs, where you are handsomely rewarded for the bugs you report: bug bounty hunters earn hundreds and even thousands of dollars for a single reported bug. Some of the best-known bug bounty and vulnerability disclosure platforms are HackerOne, Bugcrowd, and Intigriti.

Prerequisites:

Before we start, I want to clear up some important things. You'll see a lot of scripting here, and as a beginner that may scare you, but you don't have to worry about it: there are many professionals who don't know how to code but are very good at their job. You do, however, need to understand some concepts of how the code in a web application works; only then will you be able to identify vulnerabilities more easily and faster than others. You don't need to learn JavaScript the way a web development pathway teaches it, just enough to understand the concepts, because that's where we find the vulnerabilities. I would recommend FreeCodeCamp, and TomNomNom has a great video on JavaScript For Hackers; do check it out. Below are some prerequisites for the course. No need to stress, they're not much compared to other courses :D

  • Basic knowledge of JavaScript and its functions
  • Knowledge of Burp Suite (download it from PortSwigger's site)
  • Some out-of-the-box thinking and know how to use a browser ;)

Course Structure:

This will be a writeup-based course in which we'll cover one vulnerability a week, starting next week. We'll use the PortSwigger Academy labs for practical hands-on training. The course won't be just about solving labs: we'll also do some research on each vulnerability and solve the labs alongside it. We'll cover the "Apprentice" level labs for beginners, and the remaining advanced level labs will be a little homework for you until we meet to discuss the next vulnerability. Make sure to sign up at PortSwigger Academy. I hope you take good knowledge away from this, and I'd appreciate your support.
