So you’ve taken an interest in ethical hacking. Whether you’re an experienced web developer looking to secure your websites or someone who’s looking for a new hobby, we’ve got you covered: there are resources here for complete beginners and for more experienced hackers.
The places to learn ethical hacking mentioned below will teach you web app hacking/pentesting. Here is the list:
1 – WebGoat
I really love WebGoat; it’s a great place to start learning about ethical hacking and the many terms that come with it. You’ll start by learning the very basics like HTTP methods, then you learn some interesting stuff like SQL injection, XSS (cross-site scripting), etc. WebGoat is a bit different from all the other places to learn ethical hacking: it is a web server with built-in pages that teach you all about ethical hacking, with interactive exercises included. The best part about WebGoat is that you immediately get to practice what you learned.
There are many different ways to install WebGoat but one of the easiest and quickest ways is to download the jar and to type this command into your command prompt or terminal:
java -jar <your_filename.jar>
You may also want to add the “--server.address=…” argument if you are not running WebGoat only for local use and will be accessing it remotely.
After running the command above you should have a result similar to this:
The next step is to navigate to http://localhost:8080/WebGoat/login. After doing this you will be able to register a new user and start learning.
2 – Udemy
I think Udemy is a great starting point: you learn the very basics (depending on the course you choose) and have a fun learning experience by watching videos.
The courses I recommend the most are:
“Learn ethical hacking from scratch” is a great course that takes you from beginner to advanced. “Python and ethical hacking” helps you understand the theory behind many things and teaches you to code in Python, which is a big advantage in ethical hacking.
3 – Books
While you may think that this is obvious, books are actually one of the best ways to learn anything. And this doesn’t exclude ethical hacking. If you’re serious about ethical hacking I’m sure you’ll be eager to read an ethical hacking book that has lots of good information. You can of course just pick a book that you think suits you best but I think that this book is great for beginners. I actually bought the book myself. Even if you’re already advanced in hacking, you may still learn something from this book as it thoroughly explains subjects. Beginners will learn subjects like request methods, server responses, etc.
4 – Vulnhub
Now comes the perfect website for practicing your newly acquired skills. On VulnHub you can download virtual machines that are exploitable. For the best experience you should pick a machine that has a walkthrough online. So if you think you’ve found a machine you want to try, make sure it has a walkthrough.