Search
-::DESCRIPTION
-::DATE
Pentesting | From Where to Start
Labels:
Pentesting Articles
Many of you have ever wondered from where to start Pen Testing. If yes then you probably tried to get the answer from Google. But frankly speaking, If you are going to search this randomly, Perhaps you will get thousands of results regarding this.
And what you will get? NOthing. They claim to start with XSS, CSRF, SQLi and other types but remeber this all is without even knowing the basics.
Pentesters, newly come in this field, often start with XSS and try to hunt the Big Firms like Facebook, Google with their basic XSS payloads expecting success. But do you know these all big firms havethousands of clever people to review their codes. You have to be more smarter than them to manage to evade filters and by learning payloads you cannot do that.
According to some security researchers, one should learn first the basics of the attack. For Example if you want to learn XSS then you should know What is XSS? How To Expolit XSS? What is the Security Risks to any organization if they are vulnerable to XSS.
Then one should go for XSS payloads and learn how they work. Rather than hunting Big Firms, Try to hunt small scale sites first.
I also give you an advice to visit Blogs of well known Bug Hunters to understand the Flow.
I hope you are cleared with this all. Have a Happy Pentesting. :)
And what you will get? NOthing. They claim to start with XSS, CSRF, SQLi and other types but remeber this all is without even knowing the basics.
Pentesters, newly come in this field, often start with XSS and try to hunt the Big Firms like Facebook, Google with their basic XSS payloads expecting success. But do you know these all big firms havethousands of clever people to review their codes. You have to be more smarter than them to manage to evade filters and by learning payloads you cannot do that.
According to some security researchers, one should learn first the basics of the attack. For Example if you want to learn XSS then you should know What is XSS? How To Expolit XSS? What is the Security Risks to any organization if they are vulnerable to XSS.
Then one should go for XSS payloads and learn how they work. Rather than hunting Big Firms, Try to hunt small scale sites first.
I also give you an advice to visit Blogs of well known Bug Hunters to understand the Flow.
I hope you are cleared with this all. Have a Happy Pentesting. :)
Posted by Pentesting Lab at 02:08
Subscribe to:
Post Comments (Atom)
0 comments:
Post a Comment