I am a 15-year-old student who has been programming for 2 years now. I have recently taken an interest in Web Security/White-Hat Hacking. Does anyone know any websites that are good at teaching beginner -> intermediate level Web Security? I would prefer it if they were free, as I do not have that much expendable income being a student.
While this doesn’t directly teach you by giving you instructions, it gives you the hands-on experience you’ll need. It is best used as something to attack while you follow along with some other tutorial(s), which I’ll list below.
Anyway, it is called Juice Shop: https://github.com/bkimminich/juice-shop
Juice Shop is a web application built with modern technologies. A lot of the vulnerabilities are frequently found in real-world apps, which makes Juice Shop so good - it is essentially a real-world app.
Now, with Juice Shop installed, you want to attack it. You might follow along with the videos and CTFs created by HackerOne (a bug bounty platform): https://www.hackerone.com/hacker101 to get a feel for things. The book considered to be the holy grail of web application security is The Web Application Hacker’s Handbook. It’s a little old, but is still super useful. You might also find The Tangled Web to be useful.
Anyway, a glimpse through the Web Application Hacker’s Handbook will provide a solid understanding of attacking web applications; it is invaluable. I hope this provides enough for you to dig into. However, I apologize that it isn’t in a much better order.
It appears to be currently down for maintenance, so hopefully it’s not completely offline now. It’s not the best way to get into real pentesting, etc., but it is a lot of fun!