How do you find vulnerabilities in a website?

[darkodesolo]

I believe this serves as a solid compass for learning. Hackers must be well-rounded. The more you know, the more it will enhance your capabilities.

https://roadmap.sh/cyber-security

 

[Spider777]

I believe this serves as a solid compass for learning. Hackers must be well-rounded. The more you know, the more it will enhance your capabilities.

https://roadmap.sh/cyber-security

Okay bro, I'll read it. Thank you, bro.

 

[Spider777]

смотря какие именно уязвимости вы надеетесь отыскать.
если уже известные, то эффективнее будут массовые сканеры с возможностью поиска по базам известных уязвимостей с дальнейшим их изучением и тестированием на возможность эксплуатации в ручном режиме.
если же цель найти еще не найденные, то наверное только в ручном - изучение исходников, если есть возможность, а так же реверсом скомпилированного и скомпонованного или же интерпретируемого выполняемого кода, и тестированием типа фаззинга, в ручном или автоматическом/полуавтоматическом

роадмап примерно один, а способов и инструментария очень много. но тут ведь важнее всего глубоко понимать суть работы систем, компиляции/интерпретации и выполнения кода. а когда уже есть четкое понимание-быстро разберетесь в том, какой инструментарий вам необходим, а затем уже и какой удобен.

ну и об ответственности не стоит забывать, разумеется.

ok bro

 

[d1ceB4t]

First, you should learn to program. Try a web development language or something general like Python.

 

[darkodesolo]

Books on hacking and cybersecurity:
Web Application Hacker’s Handbook 2
Real World Bug Hunting
Bug Bounty Bootcamp
Red Team Field Manual
Red Team Development and Operations: A Practical Guide
Operator Handbook: Red Team + OSINT + Blue Team Reference
Tribe of Hackers Red Team
The Pentester Blueprint
OSINT Techniques: Resources for Uncovering Online Information
Evading EDR
Attacking Network Protocols
Black Hat GraphQL
Hacking APIs
Black Hat Go
Black Hat Python
Black Hat Bash
Breaking into Information Security
Expanding Your Security Horizons
Active Directory глазами хакера
Hacking: The Art of Exploitation, 2nd Edition
Gray Hat Hacking: The Ethical Hacker's Handbook, Sixth Edition
The Database Hacker's Handbook: Defending Database Servers
The Shellcoder's Handbook: Discovering and Exploiting Security Holes 2nd Edition
From Day Zero to Zero Day: A Hands-On Guide to Vulnerability Research
Penetration Tester's Open Source Toolkit
SQL Injection Attacks and Defense
The Art of Network Penetration Testing: How to take over any company in the world
Practical Binary Analysis: Build Your Own Linux Tools for Binary Instrumentation, Analysis, and Disassembly

All books can be found：https://welib.org/

Online platforms and training resources:
Web Security Academy by PortSwigger：portswigger.net/web-security
APISEC University：https://www.apisecuniversity.com/
Pentester Lab：pentesterlab.com
HTB Academy：academy.hackthebox.com
Cybrary：cybrary.it
Offensive Security Training：offensive-security.com
SANS Institute：sans.org
TryHackMe：tryhackme.com
Hacking Articles：https://www.hackingarticles.in/

Manuals and reference books:
OWASP Web Security Testing Guide：owasp.org/www-project-web-security-testing-guide/
Web Security Testing Guide (Ellie Saad and Rick Mitchell v4.2)：owasp.org/www-project-web-security-testing-guide/v42/
Zseano’s Methodology：bugbountyhunter.com/methodology/zseanos-methodology.pdf
Wiki Book Pentest Living Document：github.com/nixawk/pentest-wiki
HackTRICKS：book.hacktricks.xyz

 

[Spider777]

Books on hacking and cybersecurity:
Web Application Hacker’s Handbook 2
Real World Bug Hunting
Bug Bounty Bootcamp
Red Team Field Manual
Red Team Development and Operations: A Practical Guide
Operator Handbook: Red Team + OSINT + Blue Team Reference
Tribe of Hackers Red Team
The Pentester Blueprint
OSINT Techniques: Resources for Uncovering Online Information
Evading EDR
Attacking Network Protocols
Black Hat GraphQL
Hacking APIs
Black Hat Go
Black Hat Python
Black Hat Bash
Breaking into Information Security
Expanding Your Security Horizons
Active Directory глазами хакера
Hacking: The Art of Exploitation, 2nd Edition
Gray Hat Hacking: The Ethical Hacker's Handbook, Sixth Edition
The Database Hacker's Handbook: Defending Database Servers
The Shellcoder's Handbook: Discovering and Exploiting Security Holes 2nd Edition
From Day Zero to Zero Day: A Hands-On Guide to Vulnerability Research
Penetration Tester's Open Source Toolkit
SQL Injection Attacks and Defense
The Art of Network Penetration Testing: How to take over any company in the world
Practical Binary Analysis: Build Your Own Linux Tools for Binary Instrumentation, Analysis, and Disassembly

All books can be found：https://welib.org/

Online platforms and training resources:
Web Security Academy by PortSwigger：portswigger.net/web-security
APISEC University：https://www.apisecuniversity.com/
Pentester Lab：pentesterlab.com
HTB Academy：academy.hackthebox.com
Cybrary：cybrary.it
Offensive Security Training：offensive-security.com
SANS Institute：sans.org
TryHackMe：tryhackme.com
Hacking Articles：https://www.hackingarticles.in/

Manuals and reference books:
OWASP Web Security Testing Guide：owasp.org/www-project-web-security-testing-guide/
Web Security Testing Guide (Ellie Saad and Rick Mitchell v4.2)：owasp.org/www-project-web-security-testing-guide/v42/
Zseano’s Methodology：bugbountyhunter.com/methodology/zseanos-methodology.pdf
Wiki Book Pentest Living Document：github.com/nixawk/pentest-wiki
HackTRICKS：book.hacktricks.xyz

Thank you so much for sharing this excellent collection of books, platforms, and reference materials