This is my guide, where I'll present the way that I followed to learn some basic and intermediate web hacking concepts. I hope that the way I followed can help people with no experience who are interested in learning web hacking. If you have a comment or recommendation, you can DM me; I'll talk about myself later on.
Welcome once again, feel comfortable and learn a lot!
I'm creating this guide to try to solve a little problem that creates a big problem. The problem that we all face is the cybersecurity attacks that companies are receiving: black hat hacking, data breaches, etc. This problem is mostly due to the human factor when designing or building software. The cybersecurity industry is expected to solve these problems, but it also faces its own problems, such as not having the necessary personnel, and the personnel that are found do not have the necessary or updated skills to face current problems.
I cannot solve such a big problem, but as a university student I could see that cybersecurity is one of the areas that is most ignored by IT students. When I started to dive into the area, I noticed that there are a lot of sites, platforms or web apps that offer CTF challenges. After a long time of playing and accumulating experience, knowledge, many frustrations and failures, I began to notice that the road was very long and that it could be simplified and have a better route, that is, be approached in a better way.
That is why, if there were a guide for people who are interested and have little or no experience, it would help them to take better advantage of how CTF challenges and theoretical concepts are presented. That is why I propose this guide, which is my path and my own experience. I'm doing research called "Practical guide to learning cybersecurity in the categories of pentesting and web hacking based on CTF challenges". I have to finish the guide, then get some results and finally try to publish an article.
Build a guide with resources that can help you understand the techniques used to detect and mitigate the most common vulnerabilities in web applications, based on CTF challenges.
To do this I'm going to: