Starting in InfoSec - 101

This blog post is written as a list of tips and notes on starting the field of Information Security.

Question

How do you Start in the field of information security?

I want to become a bug bounty hunter, ethical hacker, web-app tester, or to have better knowledge in security testing. How to start?

Answer

The following are tips and points to follow when getting into the field of Information Security in general and security testing in particular.

1. Start with programming fundamentals

For web application testing you need to start from the very beginning. With good fundamentals, it’s easier to go further.

Get a good background in scripting languages: start with PHP and shell, then pick up Python, Ruby, Node.js, or a similar scripting language.

Also, HTML/CSS/JS will be essential for web security. Learning programming would be necessary to understand the web and write web exploits and code.

Learning programming will give you an excellent background in understanding the nature of applications and how they could be developed. This will also help you write testing scripts or code that you would need in security testing.

You should at least reach a level where you can implement the ideas you have in mind. It takes time to learn, but it’s vital.

2. Have a good knowledge of Linux/Unix

This will help you learn how to interact with your machine and get the most out of it when performing tests.

3. Understand networking basics

Learning networking is very important. It gives you the knowledge to approach a target in testing, and it helps you understand how an application talks to its server and how those pieces connect.

You should understand the popular services and protocols and how they work, and be able to debug issues when something does not connect as expected.

4. Basic knowledge of System Administration

Basic knowledge of system administration is beneficial. It will help you understand how things work, and based on that, you will have an idea about common issues that can be used to break things.

5. Learning common web-application security vulnerabilities

After finishing the above, you can learn the typical web application security vulnerabilities, how to find them, how they occur, and how to exploit them. Take each vulnerability and read a sample vulnerable code for it (assuming you reached a good level in learning programming), and then see how to protect from it.

There are deliberately vulnerable applications that can help you with this. https://vulnhub.com/ is an excellent resource for getting vulnerable virtual machines. (If you don’t know what a virtual machine is, that is a gap the Linux and system administration sections above should have covered.)
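As a worked illustration of the method described above (read a sample of vulnerable code, then see how to protect against it), here is an added example that is not part of the original post. SQL injection is the vulnerability chosen for the illustration; the `users` table, the sample accounts and the login functions are constructed for the demo and are not taken from any real application.

```python
"""Vulnerable login beside its fixed version: the 'read vulnerable code,
then see the fix' exercise, using SQL injection as the chosen example.
Added illustration, not code from the original post. The schema and the
sample users are constructed inline so the demo runs offline."""
import sqlite3

SAMPLE_USERS = [("alice", "s3cret"), ("bob", "hunter2")]  # constructed demo data


def make_db():
    """In-memory SQLite database with a constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the query by string formatting, so user input becomes SQL.
    Returns the matched username or None."""
    query = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_fixed(conn, username, password):
    """Parameterised query: input is bound as data and never parsed as SQL."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def demo():
    """Runs a legitimate login and two classic payloads against both versions."""
    conn = make_db()
    tautology = "' OR '1'='1"   # turns the WHERE clause into ... OR '1'='1'
    comment = "bob' --"         # closes the quote and comments out the password check
    return {
        "vuln_legit": login_vulnerable(conn, "alice", "s3cret"),
        "vuln_tautology": login_vulnerable(conn, "alice", tautology),
        "vuln_comment": login_vulnerable(conn, comment, "wrong"),
        "fixed_legit": login_fixed(conn, "alice", "s3cret"),
        "fixed_tautology": login_fixed(conn, "alice", tautology),
        "fixed_comment": login_fixed(conn, comment, "wrong"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Run it and compare the two columns: the formatted query accepts both payloads (the tautology matches every row, the `--` comment drops the password check entirely), while the parameterised query treats the same strings as literal, non-matching passwords and usernames. Repeating this exercise for each vulnerability class, with the vulnerable and fixed code side by side, is what the point above recommends.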

6. Practice, Practice, and Practice

Nothing comes easily. Information security is not an industry of 9-5 jobs. It won’t be easy to improve if you don’t dedicate yourself to it. Put a good amount of effort into learning and practicing.

7. English is the world’s language of communication. Learn it so you can read the resources.

There is no doubt that English is today’s language of communication.

If you understand English, you can access and understand a great many resources. The majority of information security resources online are in English, and it is required for almost everything in the field. Please do your best to learn it well.

8. Read, Read, and Read

I remember watching a TEDx talk that gives an important and catchy quote, “Readers are Leaders”.

The more you read, the more you learn, the more you understand, and the more you improve.

It all starts with reading. There is a large number of resources online that you can benefit from.

9. No bulletproof resource or advice will make you a good hacker

Information security is not something you can learn from a single resource or place. Knowledge in the field is obtained through hard work and practice.

10. Practice in CTFs and Bug Bounty Programs

After working on all the topics above, it is an excellent time to start with CTFs and bug bounty programs. They help you gain practical knowledge of information security, and they are fun and beneficial.

This post summarizes what I have in mind for starting in the information security field. It’s not bulletproof, but it will hopefully get you on a good level if followed right.

Best Regards,
Mazin Ahmed
