DEV Community

Cover image for My VAPT Learning Journey
Nitin Kumar
Nitin Kumar

Posted on

My VAPT Learning Journey

I'm very passionate about Cyber Security, and so I was thinking of starting a series where I'll try to update you about the progress, topics, and related labs each day for better hands-on practice.

The topics will be mostly from Portswigger Website. Also, for some more practical discussion, I'll refer to Kontra.

If you're also a beginner & want to begin your journey in Cyber Security, you can follow my VAPT tutorial with labs series & if you're an expert or in this journey, you can help me out with some suggestions.

Following are the topics that I'll cover during this journey:

Server Side topics

  1. SQL injection
  2. Authentication
  3. Path traversal
  4. Command injection
  5. Business logic vulnerabilities
  6. Information disclosure
  7. Access control
  8. File upload vulnerabilities
  9. Race conditions
  10. Server-side request forgery (SSRF)
  11. XXE injection
  12. NoSQL injection
  13. API testing
  14. Web cache deception

Client Side topics

  1. Cross-site scripting (XSS)
  2. Cross-site request forgery (CSRF)
  3. Cross-origin resource sharing (CORS)
  4. Clickjacking
  5. DOM-based vulnerabilities
  6. WebSockets

Advanced topics

  1. Insecure deserialization
  2. Web LLM attacks
  3. GraphQL API vulnerabilities
  4. Server-side template injection
  5. Web cache poisoning
  6. HTTP Host header attacks
  7. HTTP request smuggling
  8. OAuth authentication
  9. JWT attacks
  10. Prototype pollution
  11. Essential skills

Let me know my plan & your ideas, suggestions, or pointers to discuss this. I'm open to collaboration too. I'll try to create more concise but informative blogs on each topic & it's solution.

We can check our leaderboard/dashboard here.

To get started, you need to create an account in Portswigger & my main focus will be on this website only.

Let's Hack !!

Bibliography

  1. What exactly is VAPT (Vulnerability Assessment and Penetration Testing) ? by @ismailtasdelen
  2. A Developer’s Guide to Web App VAPT Essentials by @devedium

Top comments (0)