WEB HACKING RESOURCE KIT
Web applications are some of the most common targets you’ll find on Bugcrowd Programs. Web
security vulnerabilities range anywhere from Open Redirects to Remote Code Execution. This list
of resources will help you to master the basics and get you on your way to your next P1! Feel free
to reach out to [email protected] with any questions as you begin your hacking journey.
Happy Hunting!
COURSES
Portswigger.net Web Security Academy: The creators of Burp Suite have put together a fantastic and free web security academy that covers the basics for anyone interested in hacking!
Secure Code Warrior: Secure Code Warrior offers security challenges and trainings for developers in dozens of scripting languages, including JavaScript, Python and C++.
PentesterLab: PentesterLab offers hands-on learning courses where you can work to find and exploit real system vulnerabilities.
BLOG POSTS
Nahamsec - Resources for Beginner Bug Bounty Hunters: A great list of resources created by researcher Ben Sadeghipour (Nahamsec) with everything from tools to talks that covers the basics of hacking.
OWASP: The Open Web Application Security Project® (OWASP) is a nonprofit organization with hundreds of security resources, including the top 10 industry security risks.
TOOLS
OWASP Juice Shop: This insecure web application is a great way to level up your skills! Hackers new and advanced can participate in challenges to exploit the vulnerabilities in this test application.
XMind: XMind is a brainstorming and idea mapping tool that can help you during recon or to create your own Bug Bounty Methodology!
Rescope: This tool defines public scopes from Bugcrowd programs and creates a JSON/XML file that is compatible with Burp/Zap for testing! You can use it to parse multiple scopes
ffuf: A web fuzzer written in Go that is used for fuzzing GET and POST data.
VIDEO RESOURCES
HackerSploit: Alexis (HackerSploit) offers several excellent web hacking series on his YouTube channel, including Linux Essentials, Android hacking and Web
The Cyber Mentor: The Cyber Mentor offers a fantastic Web Application Hacking course that discusses XSS, SQL Injection, Broken Access Control and more!
FORUM
Bug Bounty Forum: Bug Bounty Forum is a great community space to chat and collaborate with other researchers in the field.
Pentester Land: PentesterLand is a fantastic weekly newsletter that offers a digest of the top write-ups, tools and resources within the InfoSec community.
Bugcrowd Forum: Bugcrowd's community forum of researchers and white-hat hackers discussing information security and bug bounty programs.
DOCUMENT UPDATED JULY 2020
BUGCROWD INC. WWW.BUGCROWD.COM +1 (650) 2608443