Learn to Hack Web Apps for Free

Zuber Kariye
Aug 29, 2022

Hello, everyone. I hope everything is going well for you. I am back with another article, and this time I will guide you on how to get into bug bounty or hack web applications for free (zero cost). Let's dive into it!

What exactly is web app hacking/bug bounty?

“Web hacking, in general, refers to the exploitation of applications via Hypertext Transfer Protocol (HTTP) which can be done by manipulating the application through its graphical web interface, tampering the Uniform Resource Identifier (URI) or exploiting HTTP elements.” A bug bounty is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs.

How does someone get started in this area? What is required?

I will be covering all of these here. It's a straightforward process, and this guidance should be easy to follow.

Credit to Corben Leo on Twitter: https://twitter.com/hacker_

So you want to learn to hack. Want to participate in Bug Bounty?

  1. Remember: “Enduring growth cannot be achieved without a commitment to process.”
  2. Learn to love the process of learning and bettering yourself.
  3. Take time to understand.

Here’s a roadmap for bug bounty and web app hacking

  • Learn to Code
      • Learn Bash Scripting and The Command Line
      • Learn HTML & JavaScript (MDN Docs / Codecademy / W3Schools)
      • Learn Python (or Golang, Java, C#, or another language).
      • Learn some basics of SQL
  • Learn Networking
      • Go through all of these: https://www.hackers-arise.com/networks-basics (Network Basics For Hackers).
      • Learn TCP/IP basics, Subnetting, Network Masks, DNS, HTTP, etc.

BORING? Maybe. But this knowledge is invaluable.

  • Set up a Linux distro such as Ubuntu or even Kali and download Burp Suite (Free Edition)
  • Configure it with your browser.
  • Learn how to use the Proxy and the Repeater.
  • Look at the real HTTP requests when you visit a site.
  • Build a web application
      • Build a basic web application with HTML, JavaScript, Python (Flask), and SQL.
      • Google a tutorial. Implement functionality such as creating a post, login, and logout, etc.
      • Do anything that helps you understand how these components (the web content) work together.
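A small backend for the practice app suggested above, as an added example that is not from the original article. It uses only Python's standard library (sqlite3, hashlib) instead of Flask so it runs offline; in a Flask app each route would call these functions. All table and function names are made up for illustration.

```python
import hashlib
import hmac
import secrets
import sqlite3

def init_db():
    """Create an in-memory database with users, sessions and posts."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users(id INTEGER PRIMARY KEY, name TEXT UNIQUE,
                           salt BLOB, pw_hash BLOB);
        CREATE TABLE sessions(token TEXT PRIMARY KEY, user_id INTEGER);
        CREATE TABLE posts(id INTEGER PRIMARY KEY, user_id INTEGER, body TEXT);
    """)
    return db

def _hash(password, salt):
    # Store a salted, slow hash, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def register(db, name, password):
    salt = secrets.token_bytes(16)
    # "?" placeholders keep user input as data, never as SQL text.
    db.execute("INSERT INTO users(name, salt, pw_hash) VALUES (?, ?, ?)",
               (name, salt, _hash(password, salt)))

def login(db, name, password):
    """Return a new session token, or None if the credentials are wrong."""
    row = db.execute("SELECT id, salt, pw_hash FROM users WHERE name = ?",
                     (name,)).fetchone()
    if row is None or not hmac.compare_digest(row[2], _hash(password, row[1])):
        return None
    token = secrets.token_urlsafe(32)  # unguessable session identifier
    db.execute("INSERT INTO sessions(token, user_id) VALUES (?, ?)",
               (token, row[0]))
    return token

def logout(db, token):
    # Deleting the row on the server is what actually ends the session.
    db.execute("DELETE FROM sessions WHERE token = ?", (token,))

def create_post(db, token, body):
    """Insert a post for the session's user; refuse unknown sessions."""
    row = db.execute("SELECT user_id FROM sessions WHERE token = ?",
                     (token,)).fetchone()
    if row is None:
        raise PermissionError("not logged in")
    cur = db.execute("INSERT INTO posts(user_id, body) VALUES (?, ?)",
                     (row[0], body))
    return cur.lastrowid
```

Watching the login and post requests for an app like this in the Burp proxy shows where the session token travels and which checks happen on the server.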

Learn about Web Vulnerabilities:

“I recommend trying the Department of Defense’s Vulnerability Disclosure Program. Develop your technical skills by learning from others and by doing. Do NOT use vulnerability scanners. They’re a crutch. You will fail.”

TLDR

  • Learn to Code
  • Learn Networking
  • Learn web vulnerability types
  • Practice Through Labs
  • Learn how to do reconnaissance
  • Try on VDP or Bug Bounties

This is it for today. It should be easy to follow along and pick a topic to learn when going through this roadmap. I hope this helps anyone who wants to do web app hacking! Stay tuned, as I am working on a spreadsheet of resources and a roadmap for beginners or anyone who’s already in the field!

Thank you


Zuber Kariye

Teen into computers and cybersecurity! Wannabe threat hunter, and pentester! Interested in programming, science and history!