DIY: Learn security testing — Quick TIPS!
Santhosh Tuppad
Skilled Exploratory Tester, Application Security Expert & Rapid Software Testing Practitioner for Web & Mobile Applications, OWASP Cheat Sheet Contributor, International Keynote Speaker
Software is code. You write code and it behaves based on how you write it. However, when you write code, some bugs are injected knowingly or unknowingly.
We all have an unpleasant feeling about bugs (the real biological ones, not every bug of course), right?
It's the same with software bugs. Just as humans are highly vulnerable to various things, vulnerable humans write the code, and it's fair enough that it has security vulnerabilities. So, here's where security testers who have trained themselves to protect against black-hat hackers come into the picture. Security testers perform security tests to make the software better in terms of security.
Here are some quick tips to DIY in terms of learning security testing.
OWASP.com — These folks just rock in terms of spreading knowledge about security testing for web, mobile, IoT and more [that's why it is now called the "Open Worldwide Application Security Project"]. I recommend OWASP to anyone who wants to learn more about security / ethical hacking quickly. If you need a test idea for security, then you can go directly to the cheat sheets at https://www.owasp.org/index.php/Cheat_Sheets
Books — For any newbie who wants to get a mind-set on hacking and get to know some hacking techniques, I would recommend “Hacking for dummies” (the oldie but a goodie for starters, and a fun read) by Kevin Beaver. You can get the e-Book version on https://issuu.com/ or you can get a hard copy by purchasing it from Amazon or any other shopping site.
packetstormsecurity.com — This is my weapon house. There are many open-source utilities and freeware that can be used in your security testing activity. For instance, there are utilities which can help you generate test data for attacks like brute force etc. How about learning to do some coding to add better value to these open-source utilities while you perform better at your security tests? The choice is yours!
Movies / Passion / Self-Motivation / Inspiration — Watch movies / series like Die Hard 4, Ant-Man, The Shawshank Redemption, Mr. Robot etc. which speak about hacking in some way through stealing, being a thief, escaping the infrastructure and more. While you watch these kinds of movies, always process the scenes with respect to hacking and social engineering. My philosophy is that I try to learn from anything that exists on this planet through various sources. And do not forget self-motivation: ONLY YOU can motivate yourself very well, and that will always stay with you. Motivation from external sources is always secondary and not primary (I am referring to intrinsic motivation here).
Watch videos from Kevin Mitnick and get inspired.
Aim for Black-Hat Hacker — Yes, it's a beautiful thought :-) I believe that when you aim for the bad guy, you end up becoming the good guy. But always be conscious about what you are doing. Do not hate bad guys, love them so that you can learn from them. With hatred, it becomes hard to learn. With love, it comes to you. Yes, it's the same philosophy I apply to life. Talk to unethical hackers to learn from them. How do you identify one? You will know it when you meet one.
Security Tools — You have many tools out there, and you can also learn Python if you want to build your own tools for web security. I have already mentioned where to find the tools, that is packetstormsecurity.com. Want more? Exploration is the key.
NO FEAR ATTITUDE — The way I learned hacking is to not fear things, come what may. When you have fear, it's hard to learn anything. Try not to fear, face it, and that’s where the treasure is. I believe in it. I follow my visceral in everything in my life.
Without getting the mind-set & hacker philosophy, it may not be fun to learn. Godspeed!
Top voice QA professional helping software development teams to build quality, user friendly products | Occasional Blogger writing on different topics | Social Volunteer aiming to make world a better place to live
7 months: Thanks for sharing the resources to start. Very well articulated in an interesting writing style.
Lead, QAMentor-Software Testing Expert, Quality matters.
7 months: Good to read
★Global Director at QA Mentor★Pioneering Scalable, Future-Ready Software Testing QA Solutions★ Innovator in Next-Gen Quality Assurance & Emerging Technologies★Driving Business Excellence with Transformative Leadership★
7 months: Santhosh Tuppad - Awesome articulation - The standout lesson for me from this article is the transformative power of embracing vulnerabilities with unyielded curiosity and bravery. It's a reminder that in the vast digital expanse, understanding our weaknesses is the first step to forging them into our most unassailable strengths. Your work doesn't just inform; it empowers and enlightens.