What is Required to Work in Web Penetration Testing Jobs?
Wondering how to get a job as a Web Penetration Tester?
This was the topic of our fourth webinar series “What is required to work in cybersecurity jobs”. This time, we invited Ebrahim Hegazy, a senior security consultant at Deloitte, to discuss with us What is required to work in web penetration testing jobs? and to share his personal experience in the field.
How to Start in Web Penetration Testing?
1) Understand the technology
In order to get started in the web penetration testing field, you need to get familiar with the web technologies and how they are related to each other like how the servers operate, how the internet work, and what are the technologies used to create and deploy a website. Also, basic knowledge of networks would be great.
Ebrahim also mentioned that in order to be a good web pentester you need to understand how developers make mistakes that lead to security holes and learn how to exploit those bugs.
2) Learn a programming language
Ebrahim added, In order to be a good web application security researcher, you must have good proficiency in programming languages. He suggested starting with PHP as it has great documentation, an awesome community, and is used by many companies including Facebook.
Also, Ebrahim suggested learning Python to be able to write your own tools and automate the process of penetration testing because while doing sometimes you might encounter situations where you have to write a script or a tool to help you with your task.
As for the web technologies, you first need to start with the language of the web which are: Html, Css, and Javascript. HTML provides the basic structure of sites. CSS is used to control presentation, formatting, and layout. JavaScript is used to control the behavior of different elements.
3) Build something of your own
Using the programming languages you learned, try building a simple website that has a login form, signup form, about page, and home for example.
4) Read web security books
If you have no experience don’t worry. Start reading The Web Application Hacker's Handbook which starts from the very basic concepts to the most advanced attacks.
5) Participate in CTF competitions
By now, you would have a decent exposure to web technologies which means that you are ready to get your hands dirty. Start solving web security challenges and competing in capture the flag competitions to get practical experience in the field.
Also, if you got stuck when solving a CTF challenge, have a look at the solution (writeup) and try to understand the approach and learn from it.
CTF Challenges:
6) Bug Bounty programs
Finding bugs in real companies through the bug bounty programs is the real deal. CTFs are great but you need to start hacking real targets and finding security holes in real companies and this can be done through the bug bounty programs.
Bug Bounty Platforms:
Where can I find jobs in Web Penetration Testing?
Ebrahim said that there are many websites to start searching for web penetration testing positions like LinkedIn, irishjobs.ie, monster.com.
What is the future of Web Penetration Testing?
Ebrahim indicated that the future of web security will be Automation. Automating the process of searching for bugs and security holes is now a critical topic that could be important in the near future Ebrahim said.
Web Penetration Testing Courses
Today, Ebrahim is developing a free online course for Web Application Pentesting which will begin from scratch and will go through advanced attacks and demos. You can access the course materials by clicking here.
Read more articles related to cybersecurity jobs:
What is Required to Work in Malware Analysts Jobs?
What is Required to Work Cybersecurity Jobs at Facebook?
What is Required to Work in Threat Intelligence Jobs?
What is Required to Work in Automotive Cybersecurity Jobs?