Resources and tools that will help you in your day to day activities by Vignesh - Pentestmag

Oct 3, 2016

This is my first article for an international audience. Drawing on my web application testing background, I will share a few lists of resources and tools that will help you in your day to day activities.

There are three basic types of pentesters:

  • Testers who just blindly follow the tools

  • Testers who follow the tools according to the requirements and concepts

  • Testers who write the tools and scripts

The resources in this article will mostly pertain to the second category of testers.

Let’s discuss a few important tools here and some tips related to them. Before starting, here are a few brief rules for beginners that need to be considered while testing:

  • Never trust an automated scanner's output blindly, as it may contain false positives

  • Test thoroughly for each and every endpoint

  • Always fuzz the application manually rather than with automated fuzzers

  • Never brute-force or social engineer the webserver

  • Learn the OWASP Top 10 vulnerabilities, which are the common baseline standard for web application testing

  • If you are looking for a methodology to follow, look at the OSSTMM, which guides you through a step by step approach

Training:

If your first thought is "I want to learn but I don't know where to start", follow these short tips:

Resources:

Some books and valuable resources that a web application pentester shouldn't miss are:

Some Black Box Testing Tools:

If you need an overview of the tools that exist in the market, OWASP maintains a list here: https://www.owasp.org/index.php/Appendix_A:_Testing_Tools

Bug Bounty Platforms:

  • Hackerone

  • BugCrowd

  • Synack

  • Cobalt.io

Practice Sites:

  • DVWA application

  • Acunetix test sites

  • HackThisSite

Some Bookmarks:

For future reference, you can download or import this bookmark list which will be helpful in following up issues:

Cheat Sheets:

During a pentest you will come across a lot of things to test. The following cheat sheets can assist you; these are the three most common types:

1) XSS

2) SQL Injection

3) Command Injection

YouTube Channels:

Tools:

Although there are a lot of testing tools in the market, here are some of the tools that might help you in your day to day work:

I hope I covered some of the basic resources that will help my fellow testers for day to day usage. In the future, if I get a chance, I will come back with another set of helpful links.


Author: blueberry-Vignesh4303

Google VRP contributor, pentester by profession and bug bounty hunter who spends most of his time analysing web applications and malware.

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023