Assalam o Aalaikum everyone! I am Haider Ali, and in this article I would like to share a roadmap with y’all for learning web application security. According to Glassdoor, the average salary of a web application security engineer is 117,000-167,000 dollars in the US, which makes it a very in-demand field.
Who is a Web Application Security Engineer?
Before considering the roadmap for this field, we need to figure out what the work of a web application security engineer actually is. In simple words, a web application security engineer finds security flaws in a website and reports them to the company, for which he gets paid. Thus, a web application security engineer ethically hacks websites.
Roadmap of Learning Web Application Security
Now comes the part for which I’m writing this article: the roadmap through which one can learn web application security.
Prerequisites:
First of all, I would like to list all the prerequisites for learning web application security, which are mandatory to learn if you’re from a non-CS background.
1. Computer Basics: For learning computer basics, CompTIA A+ has always been the best option, and for learning its content for free, the following video would help a lot:
https://www.youtube.com/watch?v=1CZXXNKAY5o&ab_channel=PaulBrowning
2. Web Fundamentals: After knowing how computers actually work, it would be great to learn web fundamentals, which is basically about how websites actually work. The following playlist would help a lot to get the basic knowledge needed about how websites work:
https://www.youtube.com/playlist?list=PL_kr51suci7XVVw4SJLZ0QQBAsL2K8Opy
3. HTML: Learning how the basic structure of a website is built would be highly useful, so going for HTML would be the best option after learning web fundamentals. The following resource would be enough to learn HTML:
https://www.youtube.com/watch?v=kUMe1FH4CHE&ab_channel=freeCodeCamp.org
To practice as well, you can use the following resource:
https://www.w3schools.com/html/
4. CSS: A basic understanding of CSS will help you distinguish what you are looking at when reading the code in responses. So just get the basic knowledge of how styling is done on a website. Use the following resource to learn CSS:
https://www.youtube.com/watch?v=WuiB5TAQOAM&ab_channel=PWSkillsTech
5. JavaScript: It’s one of the most important languages that a hacker needs to learn, so you need to learn it deeply. For that, this playlist would help a lot:
https://www.youtube.com/playlist?list=PLu0W_9lII9ahR1blWXxgSlL4y9iQBnLpR
6. Linux: Now that you’re done with a basic understanding of the web, you should dive directly into Linux, as it is the operating system most commonly used by security engineers and hackers for hacking. The following video will tell you all the things that you need to learn about Linux as a hacker:
https://youtu.be/lZAoFs75_cs?si=2eW9s2y0mJINA4SK
7. Networking: Networking is undoubtedly the most important subject for any hacker, so to learn it you can use the following playlist:
https://www.youtube.com/playlist?list=PLkW9FMxqUvyZaSQNQslneeODER3bJCb2K
8. Python: Python is the most famous language in which hackers create their tools for automating different tasks related to hacking. The following course will cover all the things that you need to know about Python in order to make your own web application security tools:
https://youtu.be/XWuP5Yf5ILI?si=xj2_nDp2f_W9mf4S
9. Bash Scripting: Another popular scripting language that hackers use a lot is Bash, which you can learn from the following video:
https://youtu.be/TtGM9GfBuok?si=BUQTg2aQiY0xZrEg
Actual Learning:
Now we’re gonna discuss the actual resources from which you can learn web application security:
- So far, I’ve seen that PhDSecurity’s course on bug bounty is detailed and the best one for learning in a very easy way. So you can check out this course first of all:
https://youtu.be/Rp69edBmFFo?si=jnngGo-fkQM5wx-d
- Rana Khalil: This is a YouTube channel on which you can find great content related to web application security. Its link is below:
https://www.youtube.com/@RanaKhalil101
- Web Application Hacker’s Handbook: It’s, so far, the most famous book for learning web application security, which you can directly download from the following link:
http://www.beiruteyecenter.com/uploads/3794_1008_4334.pdf
- InfosecWriteups: In order to learn the attacks and some cool findings by the world’s greatest researchers, this website is the best. Its link is below:
- Portswigger: This website is the best for learning as well as for getting some intentionally vulnerable websites which you can hack for fun and practice. Its link is below:
Last but not least, when you’re done with learning all this stuff, the question arising in your mind would be where you should go next. After learning all this, you can go to the following websites and find websites in which you can find security flaws and get paid for finding those flaws.
The list of such websites is:
That’s all for this article. Let me know in the comment section which Computer Science topic you want me to write the next article on. Remember me in your prayers. Thank you!
Note: This insightful blog post has been generously contributed by Haider Ali as a guest author. Please be aware that the content is the sole creation of the author, and Imam and Science takes no responsibility for its production. We value accuracy and transparency, so if you notice any discrepancies or have concerns, don’t hesitate to reach out to us. Your feedback is highly appreciated.