Burp Suite User Forum

Where to start?

Ashish | Last updated: Oct 12, 2020 04:01PM UTC

I am a beginner in pentesting and bug bounties. I came across this URL, https://portswigger.net/web-security/all-materials, while searching for resources to learn web application security. So my question is: as a complete beginner, where should I start learning, I mean with which vulnerability? There are so many at https://portswigger.net/web-security/all-materials. Thanks!

Uthman, PortSwigger Agent | Last updated: Oct 12, 2020 04:18PM UTC

Hi Ashish, You can begin anywhere you like. That is the greatest feature of the academy! The learning materials are comprehensive and most of the topics are discrete (although all related to web security vulnerabilities). I would start with bugs that are easier to understand conceptually - e.g. XSS, SQL injection, etc... You can then practice these in bug bounty programs.

Ishaq | Last updated: Oct 13, 2020 01:12PM UTC

Hi Ashish, I had prepared this roadmap kind of thing for myself, feel free to use it if you like:

Cross-site scripting
Cross-site request forgery (CSRF)
Cross-origin resource sharing (CORS)
DOM-based vulnerabilities
Clickjacking (UI redressing)
HTTP request smuggling
Web cache poisoning
Testing for WebSockets security vulnerabilities
XML external entity (XXE) injection
Server-side request forgery (SSRF)
Insecure deserialization
Server-side template injection
SQL Injection
OS command injection
Authentication
Access control vulnerabilities and privilege escalation
Directory traversal
Business logic vulnerabilities
