Transitioning
I want to transition more into cyber security, I am currently a professional full stack developer thats fairly proficient in a lot of different web technologies. I recently got a degree in cyber security and want to get more into it.
I played around with common exploits like XSRF, SSRF, CSRF, XSS, SQLI, USQLI, LFI, Directory Traversal, HTTP Polution, and a few other attacks on my private network and have a fairly good understand of how these all work.
I downloaded a weba pp that is purpesefully vulnerable and what able to execute just about every attack vector on my list, but now I am not sure what to do. I’d like to get more into bug bounties, and find some security related issues on sites, to get paid for that. But I’m not quite sure where to start, I’ll find a site, and test for these attack points, but rarely find anything.
I tried dorking but even sites that seem to have some secrity issues, I can’t manage to get much out of them too. I’d love advice on how to get better, or how to actually succesfully pen-test a site with permission ofc.
I have the development side down, and I feel like that is a great start, but I want to grow and become just as proficient in cyber security as i am with development here.
Thanks everyone!!!