karnas.dev
Admin, 30/01/2024

From Zero to Pentester Course

10 hours of exercises

Not only for aspiring pentesters

Cybersecurity is one of the most critical aspects of modern web development. Often, aspiring developers don't receive enough educational emphasis on this subject. As an aspiring developer, it was fascinating to explore 'the other side'.

The overview

It was a very valuable experience for me and undoubtedly for each of the participants as well. The lecturer is a great enthusiast and practitioner of cybersecurity, additionally possessing educational talents. During the training, we learned about numerous potential vulnerabilities of web applications, as well as methods of conducting attacks and the tools used for that purpose.


The exercises

The course lasted 10 days, with nearly 3 hours of sessions each day and 10 exercises per day. All of the exercises came from the PortSwigger site, the creators of Burp. While solving the exercises, Kacper translated all the concepts and discussed the nuances associated with them, for example what URL encoding is and the basic syntax of SQL, JavaScript and Linux commands. The exercise topics included:

  • Access control vulnerabilities
  • Cross-site scripting (XSS)
  • SQL injection
  • Server-side request forgery (SSRF)
  • OS command injection
  • Path traversal
  • Information disclosure
  • Web LLM attacks

The sources

During the course, Kacper generously shared an extensive list of reliable cybersecurity knowledge sources. These resources cover a wide range of topics that deepen understanding and skills in the field. Here are some of the recommended sources:


The developer packages

Particularly valuable for me was the package for DOM sanitization, DOMPurify, recommended by Kacper. Equally important was the emphasis on avoiding innerHTML, and the method name that should serve as a warning to any developer considering its use in React: 'dangerouslySetInnerHTML'.
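To make the innerHTML warning concrete, here is an added example (not code from the course, the post, or the DOMPurify project) showing the three ways user input can reach the DOM: the raw innerHTML assignment to avoid, the textContent path for plain text, and a sanitizer-gated path for the rare case where user-supplied HTML must be rendered. It assumes that in a browser the `sanitize` argument is DOMPurify.sanitize from the dompurify package, and that `el` is any object with innerHTML/textContent properties, so the functions can also be exercised outside a browser. The sample payload is constructed for illustration.

```javascript
// Added example, not from the course or the post. Assumptions: `sanitize`
// is DOMPurify.sanitize when run in a browser; `el` is any object with
// innerHTML/textContent properties (a real element, or a plain object in a
// non-browser test).

// Constructed sample input of the kind an XSS lab uses: markup that runs
// script when parsed, but is harmless if shown as literal text.
const SAMPLE_INPUT = '<img src=x onerror="alert(1)">';

// The pattern to avoid: raw input is parsed as markup, so any event handler
// or script-bearing tag inside it executes in the page's origin.
function renderUnsafe(el, userInput) {
  el.innerHTML = userInput; // never do this with untrusted data
  return el;
}

// Safe for plain text: textContent never parses markup, so the string is
// displayed literally. Prefer this whenever the content is not meant to be HTML.
function renderText(el, userInput) {
  el.textContent = userInput;
  return el;
}

// Equivalent escaping for the case where an HTML string must be assembled by
// hand (e.g. a template without auto-escaping). Covers the five characters
// that change HTML parsing in text and attribute contexts.
function escapeHtml(str) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(str).replace(/[&<>"']/g, (c) => map[c]);
}

// When rich HTML really is needed, it goes through a sanitizer first. In a
// browser pass DOMPurify.sanitize; without a sanitizer this refuses to render
// rather than silently falling back to raw innerHTML.
function renderRichHtml(el, userHtml, sanitize) {
  if (typeof sanitize !== 'function') {
    throw new Error('renderRichHtml requires a sanitizer such as DOMPurify.sanitize');
  }
  el.innerHTML = sanitize(userHtml);
  return el;
}

// In React the same rule applies: text children are escaped automatically,
// and the only way to inject markup is the deliberately alarming
//   <div dangerouslySetInnerHTML={{ __html: DOMPurify.sanitize(userHtml) }} />
// which should only ever receive sanitized output.

// Browser-only demo; skipped when there is no DOM or no DOMPurify (e.g. under Node).
if (typeof document !== 'undefined' && typeof globalThis.DOMPurify !== 'undefined') {
  const asText = renderText(document.createElement('div'), SAMPLE_INPUT);
  const asRich = renderRichHtml(document.createElement('div'), SAMPLE_INPUT,
                                globalThis.DOMPurify.sanitize);
  console.log(asText.textContent, '|', asRich.innerHTML); // the second has no onerror
}
```

The design choice worth noting is that renderRichHtml takes the sanitizer as an explicit argument and throws when it is missing: a rendering helper that quietly degrades to raw innerHTML is exactly the bug the course warns about.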


Summary

This is just a brief overview of the course. It's difficult to convey the extent of knowledge Kacper shared with the group. After the course, participants who completed the necessary exercises and confirmed their completion received certificates acknowledging their participation in the course. Once again, thank you! Hopefully I'll be a better developer thanks to this course. I highly recommend such a course to developers, pentesters, cybersecurity specialists, or anyone else. Given the inherent dangers of the web, understanding the threats is crucial for everyone's online safety.
