2023 Hacker's Guide: How to Break into Pentesting and AppSec.
(thread)
1. Hands down, one of the best practical resources is @RealTryHackMe. I would take the "Complete Beginner" learning path, then the "Jr. Penetration Tester" path. It will get you off the ground in no time.
tryhackme.com
2. Simultaneously, I would practice at @PortSwigger Academy. Personally, I'd focus on all things Broken Access Control.
portswigger.net
3. Read reports and writeups on @PentesterLand. This is by far the best place to see the real impact of security issues.
Read, take notes, then apply what you learned.
pentester.land
4. Participate in VDPs and rank on their leaderboards. Don't do paid bounty programs!
The goal is to become a pentester, who gets paid good money on a frequent basis, unlike a bounty hunter.
5. As you rank on HOFs/leaderboards and as you become experienced in finding security issues, apply to pentesting and appsec-related jobs.
PRO tip: Link your HOFs and ranks in your resume. It's the best showcase of skills. Nobody really cares about your certs.
6. Contribute to open-source security projects and publish your scripts (yes, learn coding!) to your GitHub profile. That goes perfectly well into your resume, as well.
You also give back to the community this way. You're a giver, not a taker.
7. If you enjoyed this thread, there's much more to come! So, stay tuned.
Motivate me to continue posting by liking, retweeting, and following me @cristivlad25.
#pentesting #appsec #infosec #cybersecurity #hacking #bugbountytips