Ethical Hacking: How to Teach Yourself About Bugs
All information given in this article is provided under the assumption that the reader will use it ethically. You should never hack anything without prior consent to do so.
What Will be Covered in This Article
- Why You Need to Know How to Teach Yourself
- The OWASP Top Ten
- Bug Reports
- Finding Your Own Resources
Why You Need to Know How to Teach Yourself
The advantages of teaching yourself are that you get to learn at your own pace and focus on the areas that interest you the most. I will be giving you resources to learn about prominent bugs, but I will also be covering how to do your own research.
Give a man a fish, teach a man to fish etc etc... We live in the age of information. You want to learn about web hacking? To learn about the human heart? The blue whale? The entire history of the Holy Roman Empire? All the resources you could ever imagine are online; the skill you must develop is how to find them!
The OWASP Top Ten
An important concept to understand is that a small minority of bugs are commonly found. This means you only need to learn a few bugs to start hacking. OWASP.org is kind enough to rank the most pressing vulnerabilities. It is these vulnerabilities you must learn.
What I recommend is to pick a category and start there. For beginners I recommend #7: Cross Site Scripting. You can pick whichever category you would like, but know that I think XSS (Cross Site Scripting) is the easiest to start on.
I give you this list so you have the terminology needed to do further research. The list alone is not very informative, but it tells you what you need to study further.
Okay, this is the fun one. This is the website that I'm always excited to recommend to people: www.hacksplaining.com (requires a free account)
So let's assume we want to learn more about XSS (Cross Site Scripting). We would go to hacksplaining.com and select one of their XSS lessons. I recommend the first one simply called Cross-Site Scripting.
What they do is take a bug and give a step by step explanation of what the bug is and how it is performed. They then explain how prominent and exploitable it is. All the while there are fun and visually appealing cartoon characters. I find it incredibly charming and cannot recommend it enough.
If you've read my previous article then you will remember HackerOne. A quick summary: it's a site that offers you bug bounty programs and acts as a middle man between you and a company with said bounty program.
Once someone discloses a bug and the site fixes the problem, it is disclosed to the public. What this means is that there is a database of bug reports that you can learn from. These reports are in-depth explanations of how these hackers tested and what they did to find the exploit. You also get to see how to write a bug report as well as how much you can get paid. This is all under the Hacktivity tab; there's a search bar so you can look for specific bugs.
You will have to sign in / make an account but I find HackerOne to be an incredible resource. Once you feel confident enough in XSS vulnerabilities, you can go back to the OWASP Top Ten to find a new category and start the process all over again.
Finding Your Own Resources
I can only hold your hand for so long; when you get out there and start learning on your own is when you will start to make real progress. Let's cover how you can do this on the web.
The layman doesn't understand how search engines work. Depending on your familiarity with tech you may not either. So much of computer science is learning how to search for things. For starters, don't phrase your queries as questions. Instead, you should be using keywords. For instance, don't search:
How to exploit web app using XSS?
Here you will only get vague answers. Be as short and concise as possible, like so:
Reflected XSS on Angular 1.7.3
This will yield much better results.
There is more than just Google! I know it's a meme that no one uses Bing, but seriously if you're having difficulty finding something, try a different engine. Different search engines will return different results. Check out this article giving a list of all the other options you have.
Okay, so Google will probably remain your default search engine. Did you know there are neat tricks you can put in your queries? For instance, if you are searching for something and want a phrase in your query to be in the result, put it in quotes:
most common "web bugs"
This will treat "web bugs" as one term so you can get specific results.
You want a result from a specific site? Use the site tag.
site:youtube.com sneezing panda
This will only return results from the site you specify, great for obscure websites.
Do you want a specific file type? Try the filetype tag.
This will only return PDFs.
Web hacking requires the ability to constantly learn. People can recommend resources to you (like I did in this article) but eventually, you will need to learn how to find your own.
I have given you three resources: one to give you better terminology for research, one to help you understand complicated concepts and one to see the real-world implementations of bugs. I have also given you some tips and tricks that have helped me over the years.
Only you know what you're interested in and how you like to learn. The best teacher is yourself.