Module 8
Next Steps
Last updated on: 5 September 2024
Edit this page on GitHubModule 8
Last updated on: 5 September 2024
Edit this page on GitHubAt this point, you should be able to perform professional-quality security assessments of websites. However, you still have a lot to learn in terms of managing and refining the work of testing and also in terms of more obscure and advanced testing techniques. This subtopic covers some paths you can take to continue to practice and build your skills.
After completing this subtopic, practitioners should know how they can continue to practice and develop their web application security assessment skills.
There are a few complementary paths that you can use to develop and practice the skills you have gained in this learning path. These paths should not prevent you from doing the actual work of assessing the security of websites but can be used during idle time.
As you may recall, this learning path used labs from the Portswigger Academy, but did not use all of the labs for the topics covered. If you want, you can go back and try your hand at the “expert”-rated labs. Do note that these labs represent very rare situations and are often difficult for experienced web application security assessment experts.
This Learning Path covered the most important aspects of web application security, but there are many more areas.
The Portswigger Academy has topics and labs that were not included in this Learning Path. If you’re interested, feel free to peruse them. Note that if you signed up for an account on the Portswigger Academy, it tracks which labs you’ve done. This can help you easily find new labs and areas you’ve not done.
Also, the OWASP testing guide is a very thorough guide to web application security assessments and the vulnerabilities that one might find. If you have a few minutes, it’s often interesting to skim the contents for topics you don’t recognize and read up on them.
It’s also a great idea to regularly read vulnerability reports published by other researchers to understand both their methodologies and the weaknesses they found within websites and web applications. This report is a great start, since it points out both very basic errors made in web applications while also explaining in depth just how much damage could be caused by an adversary exploiting those vulnerabilities. Do keep in mind, however, that it focuses on a website which contains particularly egregious errors; most of the vulnerabilities you or other security researchers find will not be as basic.
The most impactful thing you can do to improve your web application testing skills is to test web applications. There are two primary ways you can do this on your own. The first is to check out the intentionally vulnerable web applications in the OWASP vulnerable web applications directory. Juice Shop and DIWA are among these, and there are many more. If you struggled to find most of the vulnerabilities in DIWA, this is a good place to start. You can download and practice on these sites; some of them are even hosted online so that you don’t need to go through the hassle of downloading something.
Once you’re confident that you find vulnerabilities in intentionally insecure sites, a good way to get practice is to participate in bug bounty programs. In bug bounties, site owners give people permission to test their websites and usually will compensate you if you report a new vulnerability to them. Frequently, these sites already have mature security programs, so vulnerabilities are few and far between. However, rather than trying to be realistic, these are real websites, so you’re building real-world experience. Note that some people are able to make a living through bug bounty programs, but the techniques they use are not the same as those used in comprehensive web application security assessments. If your goal is to practice and develop your skills, it’s best to perform comprehensive assessments of sites with bug bounties, and view any compensation you receive as a bonus.
The two largest bug bounty platforms are HackerOne and Bugcrowd. Both of these services allow site owners to connect with “hackers” who wish to test websites. Both have lists of participating site owners, generally the best practice is to pick a newer program that has modest payouts. This should help you find a site where you’re more likely to actually find vulnerabilities. Of course, when testing, be sure to comply with the rules of the bug bounty program.
This skill check addresses the whole learning path more broadly. Understanding the OSI (Open Systems Interconnection) model is crucial for comprehending the layers of network communication and the vulnerabilities that can be exploited at each level. You can learn a little more about the model here and in subtopic 6 of this learning path.
In a typical web application architecture, various OSI layers play distinct roles, from managing data transmission to securing communication channels. This set of multiple-choice questions explores the OSI layers involved in web application architecture, alongside potential vulnerabilities and corresponding attack vectors. Test your knowledge of network security and gain insight into the layers where threats commonly lurk. If possible, discuss your answers to those questions with a peer or mentor who will help verify that you’ve correctly understood the topic.
A) Application Layer
B) Transport Layer
C) Network Layer
D) Data Link Layer
A) Cross-Site Scripting (XSS)
B) SQL Injection
C) Denial of Service (DoS)
D) Broken Authentication
A) Data Link Layer
B) Transport Layer
C) Application Layer
D) Presentation Layer
A) Denial of Service (DoS)
B) Cross-Site Scripting (XSS)
C) Man-in-the-Middle (MitM) Attack
D) SYN Flood Attack
A) Physical Layer
B) Network Layer
C) Transport Layer
D) Session Layer
A) Cross-Site Scripting (XSS)
B) Man-in-the-Middle (MitM) Attack
C) SQL Injection
D) Buffer Overflow
A) Application Layer
B) Transport Layer
C) Netwok Layer
D) Data Link Layer
A) Cross-Site Scripting (XSS)
B) ARP Spoofing
C) SQL Injection
D) Cross-Site Request Forgery (CSRF)
A) Presentation Layer
B) Application Layer
C) Transport Layer
D) Network Layer
A) Cross-Site Scripting (XSS)
B) SQL Injection
C) Denial of Service (DoS)
D) Man-in-the-Middle (MitM) Attack
All Labs | Portswigger academy
FreeDuring this learning path, you only completed some of the Portswigger labs. Going back and completing more, especially the difficult ones, will be excellent practice.
OWASP testing guide
FreeA very thorough document about web application security and the vulnerabilities you can find.
Hacking into a Toyota/Eicher Motors insurance company by exploiting their premium calculator website
FreeA good writeup of a website with particularly egregious security errors which could give an attacker high-level access, and basic steps which could have mitigated those vulnerabilities.
Bug bounty programs: HackerOne
FreeBug bounty programs allow you to make money while finding security vulnerabilities and are a great way of ethically testing applications and legally verifying your skills.
Bug bounty programs: Bugcrowd
FreeBug bounty programs allow you to make money while finding security vulnerabilities and are a great way of ethically testing applications and legally verifying your skills.
Congratulations on finishing Module 8!
Mark the checkbox to confirm your completion and continue to the next module.
Marks the current module as completed and saves the progress for the user.
You've completed all modules in this learning path.