The Nerdy Feline

Jackie Wellons

jmw5050@gmail.com

Getting Started in Cyber Security




When I was looking for work as a web developer I started finding more scammers than clients. I quickly learned I needed to better protect myself online, as well as the sites I was building. So when I attended SCALE for the first time in 2018 I focused on the security panels. They not only taught me how to keep myself safer online but also how to keep my personal information more secure. I also learned how to make the sites I built safer and started finding meetups for cyber security. I finally found the area I wanted to focus on with my programming. I could continue using my knowledge from web development in a new way. I eventually attended an open house for a local tech company, and that is where I learned about bug bounty programs. I ended up focusing all my time on learning about bug hunting.

I had made some friends in cyber security, so I reached out to them to see if they knew where to start learning about bug hunting. They gave me some great resources like HackerOne and Bugcrowd, where I found more info and resources. I started reading every book and watching every YouTube video I could find on the subject. I also started applying everything I learned to my own life and trying out bug hunting. I had already received great advice, like using a password manager, setting up monitoring on my accounts for any transaction and login, and lying on security questions. All this has not only helped me feel more secure but actually saved me from bigger problems. You can't prevent data breaches, but you can ensure one does as little damage as possible by knowing about it as soon as possible. It has been fun learning how people find and exploit vulnerabilities.

I started out learning about the OWASP Top Ten and practicing on various capture-the-flag virtual machines. I also started making my own pen test cheat sheets based on the successful payloads from practicing on purposely vulnerable sites and then running those on real bug bounty programs. I still have a lot to learn, but that is the best part. One of my favorite moments so far was learning how to steal a cookie with XSS while netcat was set to listen for the GET request when pop-ups were being blocked. That was fun! Well, off to learn and test, TTFN.