Welcome. This guide was created because I see a rising trend of others training hackers for ethical hacking, and while I do believe we need this, I am of the opinion that we need to build our security from the ground up so we can secure our applications better. In QA we have a saying: "Quality is something that needs to be built into all levels of an application, even down to the analysis."
In this course, I want to show you all kinds of exploits from different sides. If you want, you can build along and hack your creation afterward, before securing it and discovering the types of security out there.
It's best to take this course in parts. We will be dividing the topics into small parts so you can easily pick up where you left off. You can make a small plan of which days you will tackle which topics. For example:

Week 1 | Monday | Tuesday | Wednesday | Thursday | Friday | Saturday | Sunday |
---|---|---|---|---|---|---|---|
Morning | School | School | School | School | School | Security config | Repeating |
Afternoon | School | School | School | School | School | Free | Free |
Evening | Introduction | CSRF/Open redirects | LFI/RFI | XXE/XSS | API top 10 | Hybrid native configurations | Free |

Week 2 | Monday | Tuesday | Wednesday | Thursday | Friday | Saturday | Sunday |
---|---|---|---|---|---|---|---|
Morning | School | School | School | School | School | Labs + quizzes Security config | Breakfast at grandpa's home |
Afternoon | School | School | School | School | School | Free | Free |
Evening | Labs + quizzes Intro | Labs + quizzes CSRF/Open redirect | Labs + quizzes LFI/RFI | Labs + quizzes XXE/XSS | Labs + quizzes API top 10 | Labs + quizzes Hybrid native configurations | Free |

This is only an example, but it will allow you to get in some repetition by taking on the labs we have available on hackxpert.com and the quizzes we have made. You can take this however you wish, and you can take longer or shorter. It doesn't matter how you complete the course: as long as you complete it, you should be familiar with the basics of security, along with some best practices and how these issues come to life before securing them.
I won't show you examples in every programming language, as the principles we are going to talk about apply to most programming languages, although the syntax might differ a bit. We will mostly be using Python and PHP for this course, as these languages allow us to easily explain the concepts.
I hope you are ready, friends, because we are about to start your journey into becoming a more aware software developer, architect or analyst.