Welcome to Web Pentesting Journey! This repository is dedicated to documenting my Web Penetration Testing and Ethical Hacking learnings as I explore security vulnerabilities, exploitation techniques, and best practices for securing web applications.
As a Full-Stack Developer, understanding web security is crucial. This repo serves as a structured learning resource where I document concepts, tools, real-world vulnerabilities, and hands-on exercises in web pentesting.
/WebPentesting_Journey
│── /30DaysOfEthicalHacking
│── /Cross-Site Scripting (XSS)
│── /Bug-Bounty
│── README.md
✅ Web Security Basics – HTTP(S), Cookies, Sessions, Authentication
✅ Reconnaissance – Google Dorking, OSINT, Subdomain Enumeration
✅ Exploitation – SQL Injection, XSS, CSRF, SSRF, LFI/RFI, IDOR, Clickjacking
✅ Bug Bounty – Finding & Reporting Security Vulnerabilities, Responsible Disclosure
✅ Tools & Frameworks – Burp Suite, Nmap, Metasploit, OWASP ZAP, Nikto, Wfuzz
✅ CTFs & Challenges – Hands-on security practice through Capture The Flag challenges
- Burp Suite - Web security testing tool
- Nmap - Network scanning & reconnaissance
- Metasploit - Exploitation framework
- TryHackMe - Hands-on cybersecurity learning
- Hack The Box - Cybersecurity challenges
- OWASP Top 10 - Common web security risks
- Nikto - Web server scanner
- Wfuzz - Web application brute forcer
- Kali Linux - Penetration testing OS
- Parrot OS - Security-focused Linux distribution
The goal of this repository is to document my learning journey while sharing valuable insights, notes, and techniques for web penetration testing in a structured and organized manner.
- Learn & document Web Application Security vulnerabilities
- Explore ethical hacking techniques and methodologies
- Practice with real-world bug bounty reports
- Share useful tools and scripts for penetration testing
- Contribute to open-source security projects
- Stay updated with the latest cybersecurity trends
This repository is for educational purposes only. Unauthorized hacking or penetration testing without legal permission is illegal. Always adhere to ethical hacking principles and obtain proper authorization before performing security tests. Do not use any techniques mentioned in this repository for malicious purposes.
If you're interested in Web Security & Ethical Hacking, feel free to fork this repository, contribute, and collaborate! Let's learn together. 💡