Ask HN: Looking for pen-testing training material
tldr; Anyone have any good realistic pen testing challenges or reading materials which I can use to get a hand on pen testing web apps? I don't need background knowledge as much as I can identify vulnerabilities when I see them, just need something as a guideline where to look/what to use first.
I had a job interview recently and it went well; but the next step is a test where the employer will want to see what I know.
I feel a little queezy as I am great in finding bugs in software but am not always exposed to situations where I have to write exploits (even simple ones like sql injections/cross site scripting vulnerabilities). I have tried some of those challenge sites on the web and can get through a couple before getting to a point where I am actually solving a riddle which is not exactly a practical example. I also have a good programming background so just some sort of practical examples would be nice.
Any help would be appreciated.
2 comments
[ 3.5 ms ] story [ 10.7 ms ] threadThere are some Udemy courses too [2][3]
For best-practices follow Open Web Application Security Project (OWASP) [4]
[1] https://www.kali.org/
[2] https://www.udemy.com/ethical-hacker/
[3] https://www.udemy.com/kali-linux-101/
[4] https://www.owasp.org/index.php/Main_Page
Also, you might want to take a look at https://exploit-exercises.com
Hope these help, good luck with the interview!