Every hacker has their own story of how they got into hacking. If you are reading this article, I can guess that you are interested in hacking, you've heard the term ethical hacking from a friend or in your course book, or you've been hacked. Ethical hacking has become a buzzword lately as the internet has become an inseparable part of human life. Every day I get a lot of queries on social media from people asking how they can get into ethical hacking.
Many people want to learn how to hack but have no idea how to start, and there are few people who can guide them into the world of hacking. So we are writing about how to get started on becoming a successful ethical hacker.
Before moving into the world of hacking, make sure you learn HTML, CSS, PHP and MySQL. The best way to learn these is from w3school.com.
While learning PHP and MySQL, it is necessary to learn how PHP connects to MySQL. Create GET and POST handlers that insert data into the database and retrieve data from it. You can learn to define user roles such as admin, editor and analyst, like on a Facebook page. Similarly, you can try creating a blog, assigning roles such as admin, editor and author, then publishing it and watching how it works. After building all this you are ready to go on. While practicing PHP and MySQL you will have heard about vulnerabilities like SQL Injection, XSS and others. If you have gone in depth while building your database connectivity program, then you have implemented strong security to prevent SQL Injection and XSS attacks.
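The practice project described above could look like the following. This is an added example, not code from the original article: the table, the role map and the function names are hypothetical, and it assumes PHP 7.4+ with the pdo_sqlite extension so that it runs without a database server (for MySQL only the PDO connection string changes).

```php
<?php
// Added example: blog posts with an insert path (POST) and a retrieve path (GET).
// Assumption: in-memory SQLite through PDO; for MySQL swap the DSN for a
// 'mysql:host=...;dbname=...' one and pass credentials. The queries stay the same.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Hypothetical role map: which roles are allowed to publish.
const CAN_PUBLISH = ['admin' => true, 'editor' => true, 'author' => true, 'analyst' => false];

function addPost(PDO $pdo, string $role, string $author, string $body): bool
{
    // The role comes from the server-side session, never from a form field.
    if (!(CAN_PUBLISH[$role] ?? false)) {
        return false;
    }
    // Placeholders keep user data out of the SQL text, so quotes in $body stay data.
    $stmt = $pdo->prepare('INSERT INTO posts (author, body) VALUES (:author, :body)');
    return $stmt->execute([':author' => $author, ':body' => $body]);
}

function findPostsByAuthor(PDO $pdo, string $author): array
{
    $stmt = $pdo->prepare('SELECT author, body FROM posts WHERE author = :author');
    $stmt->execute([':author' => $author]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

function renderPost(array $row): string
{
    // Encode on output so stored markup is shown as text instead of run by the browser.
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<article><h2>' . $e($row['author']) . '</h2><p>' . $e($row['body']) . '</p></article>';
}

// Constructed sample values standing in for $_POST and $_GET input.
addPost($pdo, 'author', 'alice', "It's <b>my</b> first post");
addPost($pdo, 'analyst', 'bob', 'rejected: analysts cannot publish');

// A quote-laden author value matches no row because it is bound as data.
foreach (findPostsByAuthor($pdo, "alice' OR '1'='1") as $row) {
    echo renderPost($row), "\n";
}
foreach (findPostsByAuthor($pdo, 'alice') as $row) {
    echo renderPost($row), "\n";
}
```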
Learning Web Penetration Testing
In the early stages of my career I learned web penetration testing from DVWA (Damn Vulnerable Web App), developed by Ryan to help security professionals test their hacking skills and learn hacking from the beginning stage. You can download DVWA and install it on your local machine. It's easy to use and I think it is the best way to learn web penetration testing.
After thorough practice with DVWA, you can move to hackerone.com and start exploring the write-ups. I suggest having a look at the write-ups by Frans Rosen, Orange Tsai and File Descriptor, along with articles on Medium.
If you believe you've understood all the bugs on HackerOne, then you are ready to go into ethical hacking and bug bounty. This is just the start; you need to do more research after this while participating in bug bounty programs.
I suggest you learn Python in order to make exploits. Once you start finding bugs in the platform, try to find a bug that discloses user information, then make an exploit in Python that will ask the user for a user ID and print out their information. If you find a vulnerability where you can take over an account via brute-forcing the OTP code, try to make an exploit for this yourself which will brute-force the OTP and make your attack successful.
I am learning about hacking every day myself. However, based on my experience so far, I have tried to share with you some small details about how one can get into ethical hacking. If you have any questions, please drop them in the comment section below.