How to become from zero level to expert level in Web Penetration?

[Darkxss]

Hello every one,

I have zero knowledge about any programing language not even basic.



I want to learn API Penetration.

What Programming languages are required to learn first to start Practice on Web API Penetration?



I need advice from experts.

I want to learn how to find api bugs.

I want to learn how to exploit api.

i want to learn all possible way of method to play with api.



In the Google too much knowledges i am confused which one is best to choice and start.

 

[Aels]

GitHub - shieldfy/API-Security-Checklist: Checklist of the most important security countermeasures when designing, testing, and releasing your API

Checklist of the most important security countermeasures when designing, testing, and releasing your API - shieldfy/API-Security-Checklist

github.com

https://apimike.com/api-penetration-testing-checklisthttps://apimike.com/api-penetration-testing-checklist In the beginning, you need to learn about SQL and no-SQL injections, then a bit about proxy servers like Varnish, then about URL and email parsers in different languages (php, python, node-js at least), then about basic http-level attacks like header splitting, utf parsing bugs, cookie fixation, csrf and so on.
then just follow bugbounty writeups on twitter - there is plenty of realworld examples

 

[Darkxss]

GitHub - shieldfy/API-Security-Checklist: Checklist of the most important security countermeasures when designing, testing, and releasing your API

Checklist of the most important security countermeasures when designing, testing, and releasing your API - shieldfy/API-Security-Checklist

github.com

https://apimike.com/api-penetration-testing-checklisthttps://apimike.com/api-penetration-testing-checklist In the beginning, you need to learn about SQL and no-SQL injections, then a bit about proxy servers like Varnish, then about URL and email parsers in different languages (php, python, node-js at least), then about basic http-level attacks like header splitting, utf parsing bugs, cookie fixation, csrf and so on.
then just follow bugbounty writeups on twitter - there is plenty of realworld examples

Thank you so much mate. it will help me start learning. some one recommend me learn python language first.
here is word from other board exploit"
Python dude, now bypasses many languages in terms of its functionality. It is easy to understand, and multi-faceted in use. "

 

[Cl4uM]

Hello every one,

I have zero knowledge about any programing language not even basic.



I want to learn API Penetration.

What Programming languages are required to learn first to start Practice on Web API Penetration?



I need advice from experts.

I want to learn how to find api bugs.

I want to learn how to exploit api.

i want to learn all possible way of method to play with api.



In the Google too much knowledges i am confused which one is best to choice and start.

Hello every one,

I have zero knowledge about any programing language not even basic.



I want to learn API Penetration.

What Programming languages are required to learn first to start Practice on Web API Penetration?



I need advice from experts.

I want to learn how to find api bugs.

I want to learn how to exploit api.

i want to learn all possible way of method to play with api.



In the Google too much knowledges i am confused which one is best to choice and start.

I don't know the knowledge from which you start, but with a good base of http, you can choose the language that you like the most (python/nodjs/js) and start programming small functionalities for backend api. You learn a lot by building first, then breaking. It is also important to know how the portions related to authentication and authorization work in a standard way.

From there, you can get to work on the main security problems related to APIs
my two cents

 

[berlin]

"web application hacker handbook" is your best friend,