From Debugging to Defending: My Journey into VAPT from Software Development.

I'm switching from Software Development to Ethical Hacking! So over the next few months I will be learning more about Cyber Security and then starting a new career in VAPT.

Why did I decide to do a career switch?

I've been mostly working as a software developer for the past two years. It's been fun and something I've found interesting, but this was my first step to learn how software is built and how it works before starting ethical hacking.

I am still working with frontend and backend technologies like the MERN and MEVN stacks. So developing web applications was never something I was that enthusiastic about, but rather something I found logical to learn. I haven't been able to get rid of the feeling of unimportance in my work. I have been wanting to do something that feels more meaningful, but I never really knew what that would be.

I have become more and more interested in Cyber Security in the past few years but I never really knew how I could start a career doing that. So now I'm going to spend the next 6 months learning more about Cyber Security and I finally feel I'm going to be doing something that is important and meaningful! It is scary to do a career switch at this point where I already had quite a lot of experience as a developer, but I don't think that the time has been wasted. I'm sure my background as a software developer will also help me with my new career.

What will I be learning in the next few months about ethical hacking?

As a software developer stepping into the realm of ethical hacking, I'm thrilled to share my roadmap for mastering the art of Vulnerability Assessment and Penetration Testing (VAPT), starting with a deep dive into the world of Vulnerability Assessment.

What is a Vulnerability Assessment?

Vulnerability Assessment serves as the guardian of digital fortresses, identifying weaknesses within computer systems, networks, and software, along with the potential risks they pose. Utilizing specialized tools and manual methods, it not only pinpoints potential issues but prioritizes them based on severity.

Key Features of a Vulnerability Assessment:

  1. Scanning: Automated tools, like vulnerability scanners, meticulously scan the target system for known vulnerabilities.
  2. Identifying Weaknesses: The assessment provides a prioritized list of vulnerabilities, guiding organizations in fortifying their defenses.
  3. No Exploitation: Unlike penetration testing, vulnerability assessment focuses solely on identification and reporting, steering clear of active exploitation.
  4. Remediation Recommendations: The results come bundled with recommendations for remediation and mitigation.

How to Perform Vulnerability Assessments?

Executing a vulnerability assessment involves diverse techniques, with automated vulnerability scanning being a widely employed method. The vulnerability scanner digs into databases of known vulnerabilities, scanning applications, systems, and data comprehensively. The generated report acts as a roadmap, detailing uncovered problems and proposing countermeasures.

Vulnerability Assessment Types:


  1. Network-Based Vulnerability Assessment: Identifies vulnerabilities in network devices like routers and firewalls. Involves tools and techniques such as port scanning, vulnerability scanning, and network mapping.
  2. Application-Based Vulnerability Assessment: Identifies vulnerabilities in software applications, including web and mobile applications. Targets common vulnerabilities like SQL injection and cross-site scripting (XSS).
  3. API-Based Vulnerability Assessment: Focuses on securing APIs by identifying vulnerabilities in their design and implementation. Addresses threats outlined in the OWASP API Top 10 list.
  4. Host-Based Vulnerability Assessment: Identifies vulnerabilities in individual host systems, including servers and workstations. Scans for missing security patches and outdated software.
  5. Wireless Network Vulnerability Assessment: Targets vulnerabilities in Wi-Fi networks. Involves testing for weak encryption and rogue access points.
  6. Physical Vulnerability Assessment: Identifies vulnerabilities in physical security measures. Involves physical inspections of facilities.
  7. Social Engineering Vulnerability Assessment: Identifies vulnerabilities in human behavior through simulated attacks. Tests employees' awareness and response to security threats.
  8. Cloud-Based Vulnerability Assessment: Identifies vulnerabilities in cloud infrastructure and services. Scans for vulnerabilities and tests the security of cloud applications.

Vulnerability Assessment Methodology:

  1. Determine Critical and Attractive Assets: Understand the ecosystem and rank assets based on attractiveness to attackers.
  2. Conduct Vulnerability Assessment: Actively scan the network using automated tools to identify security flaws.
  3. Vulnerability Analysis and Risk Assessment: Identify the source and root cause of vulnerabilities, assigning severity scores.
  4. Remediation: Close security gaps by applying patches, updating configurations, and implementing new security measures.
  5. Mitigation: Lower the chances of exploitation or minimize the impact through virtual patching.
  6. Re-Evaluate System with Improvements: Reassess the system's security posture to ensure effectiveness and identify new vulnerabilities.
  7. Report Results: Present a comprehensive report defining the system's effectiveness and recommending potential solutions.
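
The methodology above, as an added example (not code from the original article): a sketch of steps 1, 3, 6 and 7 that weights each scanner finding's severity by asset criticality, orders the remediation queue, and compares a rescan with the baseline. The asset names, weights, finding IDs and the severity-times-criticality formula are assumptions made for illustration.

```python
from dataclasses import dataclass

# Step 1 (assumed weights): how attractive each asset is to an attacker, 0.0-1.0.
ASSET_CRITICALITY = {"payments-api": 1.0, "build-server": 0.7, "intranet-wiki": 0.4}

@dataclass(frozen=True)
class Finding:
    asset: str
    vuln_id: str     # placeholder ID, not a real advisory
    severity: float  # 0.0-10.0 score reported by the scanner

def risk(f):
    """Step 3: severity weighted by asset criticality (unranked assets get 0.5)."""
    return round(f.severity * ASSET_CRITICALITY.get(f.asset, 0.5), 2)

def prioritize(findings):
    """Remediation queue: highest risk first, raw severity breaks ties."""
    return sorted(findings, key=lambda f: (-risk(f), -f.severity, f.asset, f.vuln_id))

def reevaluate(before, after):
    """Step 6: diff a rescan against the baseline scan."""
    b = {(f.asset, f.vuln_id) for f in before}
    a = {(f.asset, f.vuln_id) for f in after}
    return {"fixed": sorted(b - a), "remaining": sorted(b & a), "new": sorted(a - b)}

# Constructed scanner output for the baseline scan and the post-remediation rescan.
BASELINE = [
    Finding("intranet-wiki", "VULN-A", 9.8),
    Finding("payments-api", "VULN-B", 7.5),
    Finding("build-server", "VULN-C", 8.1),
    Finding("payments-api", "VULN-D", 4.3),
]
RESCAN = [
    Finding("intranet-wiki", "VULN-A", 9.8),
    Finding("payments-api", "VULN-D", 4.3),
    Finding("build-server", "VULN-E", 6.5),
]

if __name__ == "__main__":
    # Step 7: report the prioritized queue, then what the rescan changed.
    for f in prioritize(BASELINE):
        print(f"{risk(f):5.2f}  {f.asset:14} {f.vuln_id}  (severity {f.severity})")
    for status, items in reevaluate(BASELINE, RESCAN).items():
        print(status, items)
```

In the sample data the finding with the highest raw severity (9.8) lands last in the queue because it sits on the least critical asset.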

As I embark on this journey towards ethical hacking mastery, I'll be sharing my progress and insights. Stay tuned for updates on my exploration of web application vulnerability assessment and API vulnerability assessment! Let's secure the digital world together.

There are multiple vulnerability assessment types. As a software developer, I have knowledge of web applications and how to build APIs. That's why I choose web application vulnerability assessment and penetration testing.
