Important Programming Languages for Ethical Hackers

In my previous post, I explained How to become Professional Ethical Hacker, However still it wasn't complete guide, Many people's asked me which programming languages should i learn, So here I'm with new article - which programming language one should know and learn to become a successful professional Ethical hacker.

Can I learn Hacking without Knowing Programming?

Simply you just can't, Even if you managed to learn it step-by-step tutorial, You'll never be able to hack or pentest on your own. Its because you don't know the core and logic of target application, If you understand application logic you can easily play with it. So that's why it is highly recommended to learn programming languages to become an Ethical Hacker.

Which Programming language should I learn to become Ethical Hacker 

Here comes the main question which programming should i learn. Read below guide


Web Hacking

So if you're interested in web hacking. You should follow below guide.

HTML : Hyper Text Markup Language. Always learn from basic and HTML is important and most basic markup language. One should know it very well to understand web action/reaction and logic. HTML is static markup language.

JavaScript : JavaScript is the most used as client-side programming. You should learn it on high priority mode. Understanding JavaScript code logic can help you find web-apps flaw.

SQL : Structured Query Language is database programming language. Each and every data is stored in database so you should know about database programming and vulnerability as it is the most sensitive part of Web.

PHP : PHP is most popular dynamic programming language, Unlike JavaScript It is server-side programming language. PHP is strongly recommended to every beginner in Hacking and Penetration testing.

Programming Languages for Exploit Writing


Exploit writing is difficult and advance part of Hacking, It requires higher level of programming language. Every professional hacker must know Exploit Writing, It can be done in any programming language like C, C++, Ruby, Python etc.

C : The mother of all programming language, C is most used in software creation for Linux, Windows etc... However it is also used for Exploit writing and development. I would prefer to learn C first and recommend to you as well.

Python : Python is most used language for exploit writing, It is highly recommended you to learn Python Socket Programming because it helps lot learning exploit creation.

Ruby : Ruby is simple but complicated object oriented programming language. Ruby is very useful in exploit writing. Ruby is used for meterpreter scripting and do you know Metasploit Framework itself programmed in Ruby.

Programming Languages for Reverse Engineering


Assembly language, the one and only Assembly nothing but Assembly.

Assembly Language : Assembly Language is low level programming language but very complicated. One can instruct a machine hardware or software using Assembly language. Reverse Engineers uses Assembly language, and if you want to learn Reverse Eng, you must need to know Assembly Language.

Thanks for reading my article, It is purely based on my knowledge few resources and advice by Security Researchers. If you've any doubt feel free to ask in comment.

How to become Professional Ethical Hacker

Hi guys, In this article I'm gonna tell you some effective tips on How to become professional Ethical Hacker. Well I'm neither a professional nor an expert, the below article is totally based on my experiences, knowledge and some tips by professional security experts. Since last few days I've been receiving few email questioning How can I become an ethical hacker? Its hard for me to explain everyone particularly, So that's why I wrote this article.

4 Things you must know to become Pro Ethical Hacker


  1. Right definition and meaning of Hacker 
  2. You must know Programming and Networking
  3. Proper and right sources/resources of learning
  4. Determination, Passion and Curiosity to learn

I'll explain and elaborate above all tips in short, that will definitely help you in learning.

Right definition and meaning of Hacker



The very first thing you should know is meaning of Ethical Hacker. An Ethical hacker is someone who is trained with Hacking skills not to hack or exploit but to secure target or software. An ethical hacker finds vulnerability in software/application and fix or report it to owner. Unlike ethical hacker, the hacker will exploit vulnerability. An ethical hacker has legal license and rights to test application for vulnerabilities. Don't rely on tools. Vulnerability means weakness, flaw or weak point of an application.

If you're assuming there is an application that can hack anything for you, so let me tell that you're completely wrong. However there are few hacking tools that can be use to extract target information but there isn't anything that can hack or find vulnerabilities for you easily. At some point few automated vulnerability scanners can be used to find flaws but they are automated programmed, Logical bugs like Auth, 0-Days, Advance Input validation etc require human brain to understand and find vulnerabilities.

You must know Programming and Networking


Without knowing programming and networking you cannot hack anything, because every application is created using particular programming language logic and connected through Network. Unless and until you don't understand logic of application you won't be able to find its vulnerable point. Just keep in your mind that all application runs on logic all you've to do is find a way to alter its code/logic and gain unauthorized access. As you know every application is moving on clouds so knowing networking is another important thing you must know.

Proper and right sources/resources of learning


This is another important thing you should know. Not everyone knows about OWASP, Black-Hat, Securitytube, Vulnerability Lab, White-Hat community and other sources of learning. Don't be fooled by any website saying become hacker in 30 days. It takes years to become an expert hacker. Join forums, read blogs, watch training videos, Read ebooks, white-papers and vulnerability POCs (Proof of Concept) by Security and last but not least create a pentesting lab (Vulnerable app for learning)

In Hackw0rm blog you'll find many tutorials for creating penetration testing lab, training videos and ebooks to learn. Just click on the links, and explore.

Now all above tips won't make you professional licensed (Ethical) Hacker until and unless you don't apply for course/license and get certified. Here are some few best courses to become ethical hacker or professional penetration tester.

Professional Ethical Hacking and Licensed Pentesting courses


CEH - Certified Ethical Hacker
LPT - Licensed Penetration Tester
CCSN - Certified Cyber Security Ninja
CHFI - Computer Hacking Forensics Investigation
CISSP - Certified Information System Security Professional

Determination, Passion and Curiosity to learn


Determination and Passion isn't just words, It's everything. Be determined and focus on learning, Always remember that "Expert in anything was once a beginner" and beginning is always the hardest part. Motivate yourself, Keep up learning. Make it your passion, Read inspirational interviews of security researchers on our blog. Always have the curiosity to know how things, How stuffs work, Remember Hacking is an art.

Thanks for reading article, I haven't elaborated it deeply but do not worry. I'm gonna write some more posts on programming, ethical hacking and networking. If you've any doubts feel free comment

OWASP Web Application Pentesting Guide Ebook

Hi, I hope you'd read my previous post - An Inspirational interview of a very passionate pentester and security researcher. Today I've shared latest release of an Ebook by OWASP - Web Application Pentesting Guide v4.0, I'm reading it from last 3 days and trust me its one of the best ebook to learn lots of Web Application Penetration Testing. The Ebook is contains 224 pages of web application pentesting guide.

What are the benefits of reading this Ebook?


If you want to learn Web Application Penetration Testing There are many benefits of reading this ebook, It covers almost all web application vulnerability testing guide, which helps lot in learning and exploring web application penetration testing. Very informative for beginners who are curious and willing to learn penetration testing.

Table of Contents (In short)


Here is a short glimpse of OWASP Testing Guide Ebook. Note this is only short glimpse of table of contents please download and you'll learn lots of advance web application penetration testing and vulnerabilities.

  1. Authorization Testing
  2. Session Management Testing
  3. Input Validation Testing
  4. Client Side Testing
  5. Authentication Testing
  6. Identity Management Testing

Click Here to Download OWASP Web App Testing Guide v4.0

Many more such as; Testing for Authorization and Authentication vulnerabilies, Input Validation is one of the most common for eg: SQL, XSS, LDAP, XML, RCE testing guide. Session management, And Identity management testing. If anyone interested in Web Application Penetration Testing its highly recommended for you.

Meet Jasminder Singh - Indian Security Researcher

Hi friends first of all I really apologize for not being active on my blog. So here I'm back with an exclusive interview article of a very passionate security enthusiast and a bug bounty hunter - Jasminder Pal Singh (Jas) aka Zero-Guy. What's catchy about Jas is he is very humble and have lots of patience towards his work, And of-course he respect and guide newbies like us. Let me mention his recent achievements; Recently he discovered critical stored XSS flaw in YouTube, As a white hat he immediately reported it to Google Security Team and he received positive reply. That's not all, He'd also discovered multiple vulnerabilities on Nokia, Facebook etc.

Today Jas have shared his journey, motivation and lots of good guides with me and our blog community Hackw0rm. Go through it, I'm sure you'll like it :)

1. Hello Jas, Please introduce yourself to our readers


Hello, I'm Jasminder Pal Singh, another computing and internet addict. The main areas I love to work on are Web Development and Web Application Security Research. About the studies, I am a B.Tech holder in the stream of Computer Science and currently persuing Masters in the same. Professionally I am a freelance web developer and web application security penetration tester.

2. How you got fascinated towards Security field?


I was attracted by the word "Hacking". Few years back before coming into security research, I was into malwares, Trojans etc. I studied how they work, did the stuff practically. I just loved these things. But I had to drop them because there was no peace of mind while working with these things and jumped into web development so obviously I was aware that there are destructive minds to attack my web apps. I wanted to make them secure so I started learning web application security & now doing Bug Hunting too.

3. What motivates you? and who stands as your Inspiration or Ideal?


Actually there were many motivations/inspirations during the journey and its still ON, If you ask about Web Application Security, it is necessary for a web developer to secure their developed applications. I want to give credit to two persons. One is Rafay Baloch and other is Siddhesh Gawde. Siddhesh once sent my name for Microsoft Hall of fame, I didn't do anything though. I was quite happy and decided to start penetration testing. After that I was strongly inspired by the research of Rafay Baloch. He is very genuine person and helped me quite a few times.

4. Apart from Pentesting stuff what else you like to do?


  • Apart from web application security testing
  • Being a web developer I like to develop interactive/dynamic web apps.
  • I love to capture imaginary shots with my Lumia 820, Few shots.
  • I love to watch moon while listening to some good music.

5. Describe your IT Security (Pentesting) Journey?


I started pentesting around 2 years ago. As I wrote above I was strongly inspired by research of Rafay Baloch in the field of web application pentesting. At first I started securing the applications I developed and then started testing the websites which fall under vulnerability disclosure program.

6. If money weren't an issue, would you be still in IT Security field?


Yea, IT security is my passion. I take finding bugs in big Orgs, as a challenge. It gives me self happiness. Obviously money is a point too but its more about passion. While back I wrote something about it

"Money is slave of Skills, just make sure you're not after the slave."

7. What is your advice to beginner in Pentesting or (Hacking) field?


Well, I am not an expert. I am just a fresher in the big world of IT security but yes based on my tiny experience I have few suggestions for very beginners.

i) Learn the basics: This is key, without basics we are like shooting arrows in dark. It may hit correct sometime by chance but majority will go in vain. I would like to quote few words of Amine Cherrai.

"Never try to think outside of the box before you know what is inside it"

I was into web applications development before pentesting, so i had some command over web development languages like php,js,html/xhtml,css etc. It helped alot to understand the behavior of the application. I was able to code my own payloads instead of injecting static ready made vectors.

ii) Watch POCs / Read WriteUps: Its a good practice to watch video Proof of Concepts and read the writeUps of bugs discovered by other security researchers. It will increase your area of thinking about injecting into application. Some good resources are: Hackerone.com, vulnerability-lab.com, Youtube.com(Video POCs). On Youtube set the search filter to "Last Week" and input search terms like "XSS" , "CSRF" etc and watch the latest POCs.

iii) Avoid Pentesting the websites which doesn't have a Vulnerability Disclosure Program. Its kinda against the rules aka illegal. There are many websites you can practice pentesting. Here is the list Vulnerability Lab

iv) Follow IT security and pentesting field people on twitter, I follow some good researchers on twitter. Also navigate to hall of fame pages of different websites like google, facebook etc and check out the websites/blogs of the researchers.

8. Which is your favorite Vulnerability found by you?


#1 Last year I discovered a DOM based Cross Site Scripting bug which abused CORS in Nokia's Ovi Store. It affected whole site. I have shared the writeUp of this bug on my blog. It was quite interesting bug, I had to work lot to make the vector a.k.a payload.

#2 Second vulnerability which is also my favourite was in Youtube.com. I haven't disclosed its Write-Up, because its not fixed yet. Will write about it once it gets fixed.

9. Which is your most favorite Quote or Thought?


"Getting Inspired instead of being jealous on someone's success will lead you towards the Success."

10. Share your thoughts about Hackw0rm blog


You guys are doing good job, because I believe every person has some good actually interesting knowledge that is worthy to be shared. You are making contacts with IT security related people, talking to them and making the information/knowledge they have, available to public. I really liked this idea. Keep it up.

*Thank you very much Jas, Is there anything else you want to share?

Thanks to you too. Yea, I suggest you guys to show your work to your good friends who always encourage you to keep it up . It gives much power to work more. I would like to thank all my friends (Roshan, Raamee, Romy,  Sahil, Sael, Siddhesh, Nirmal, Akash, Ravi, Sachin and many more) and readers of my blog. There are my social media links below, anyone can contact me if any queries.

Find Jas on Web : Website | Facebook | Twitter | LinkedIn | Google+

Learn Web App Pentesting by Web for Pentesters Ebook

Hi guys, Today here I got something very useful for you. Web App Pentesting guide e-book by Pentesterlab - Web for Pentesters. Really it's an amazing, useful, e-book for beginners interested in Web Application Penetration testing, Ethical Hacking or Security Researching. I've been reading this e-book and without any doubt, I learned lots of new stuffs about Security and Pentesting.

Web for Pentesters eBook


The book is divided into two part. In my view; Intermediate and Advance. Obviously advance one (second part) is very informative for security researchers but here I strongly recommend to read part one first. Web for Penetration e-book covers very easy and important  tutorial for beginners in Penetration testing, Ethical hacking, Network testing and some more security stuffs.

Web for Pentesters e-book focuses more on Web Application vulnerability testing and exploring its variations. One must be femiliar with TCP/IP and HTTP protocol, LAMP and programming languages.

Click Here To Download Web for Pentesters Part 1
Click Here To Download Web for Pentesters Part 2

Should I Download it ? Is it Useful to me ?

Absolutely yes my friend, This e-book helped me a lot learning Penetration testing and some advance Security / Ethical hacking stuffs. If you're beginner in Ethical hacking / Pentesting and seeking for something that would help you to learn real web pentesting than I would strongly recommend you to download this 3.5 Mb eBook.

NOWASP Mutillidae WebApp Pentesting Solution Videos

Hi guys, I hope you've read my article on How to create a virtual penetration testingl lab using NOWASP Mutillidae, And definitely you've installed it but did you solved all WebApp pentesting problems?. Okay here I got complete Webapp pentesting solution videos of NOWASP mutilliadae. I've zipped around 30 web application hacking videos, So go ahead download and learn, practice Ethical Hacking and Penetration Testing.

NOWASP Mutillidae Pentesting Video Tutorial List

I'll only say don't miss it and download. It is really very useful for beginners in Ethical Hacking and Penetration testing. Below is the list of video tutorial titles, explore it and see what you can learn. For the first time when I got all these tutorials, I was like OMG! this is awesome.

Make sure you only try this tutorials in NOWASP Mutillidae Pentesting Lab.

Click on Image to Enlarge
NOWASP Mutillidae WebApp Pentesting Solution Videos

Download NOWASP Mutillidae WebApp Pentesting solution videos

It's nothing hard to download just click on below's link and you'll be redirected to Google Drive - Click. In above navigation panel you'll find download button. It might show you warning (We can't scan files for virus), It's because the file is too large, so that's the reason google drive don't scan huge files. But don't worry! It's virus free and Click on Download. Enjoy

Click Here To Download NOWASP Mutillidae Pentesting Solution Videos

Thanks for reading. If you've any further doubts feel free to comment and let me know.

OWASP Web-Goat Solution Videos Ethical Hacking


Whether you believe or not, but that's true - Every beginner install and create Penetration testing lab but don't know how to hack because the fact is he hasn't learnt everything properly. So  today is really something very special for you guys. We've zipped complete WebGoat Pentest lab video tutorials.

{OWASP WebGoat is very powerful and huge Penetration Testing Lab (Vulnerable Web Application) to learn WebApp Hacking. It's really very awesome in it's own structure and features. Click Here to Get One}

Is that true ? How you got ? Where is it ?

Yes! Well, I've got this in OWASP Site. This is really an awesome resource for beginners to learn Hacking + Penetration Testing - With Solutions, and that's fantastic!. You might have read my article on How to Create an Extreme Penetration Testing Lab Using : OWASP WebGoat. (Lot's of readers asked me for solution videos too, so that's the reason I've hunted this.).

We've Hosted it on Google Drive. It's Size is 387 MB (ZIP). It's really very simple to download it. Click Here to Go on Download Page. Learn & Hack.

How to use it ? isn't it little messy ?

Nope! it's very simple to learn through it, just you'll need a Web-Browser to watch all videos (Video Embed into HTML + SWF). After downloading, Extract ZIP calmly, You'll get a folder named "Viewer" - Go in it - And You'll find index.html (Double Click & Start it in your Favorite browser.)

Next you'll come to see one logo "YGN Ethical Hacker Group" - If you want to read description, then please do nor go on scrolling until you get video tutorial index (Listed with tutorial name and vulnerability).

There will be list like this! 

So, assume that you want to learn SQL Injection so click on Injection Flaws, your browser will automatically take you to Injection Flaws Page.


(Remember not to click on DOWNLOAD, because it's already there in your own computer.) Click on View, wait for 3 Second, and your tutorial will be started.

Thank you for reading my article, If you like it please share it and increase us. More gazing hacky stuff will come soon. Till then cheerio.

Why You must know Programming and Networking to learn Hacking

Hi readers, today I'm not gonna share any tutorial but a short guide, which I've experienced in my learning carrier. In Hacking filed when you ask somebody How can I become Hacker? they strongly suggest you to learn programming and networking don't they? but why? Well that's what we're supposed to discuss in this post.

Why everyone suggest learning Programming before Hacking ?


Programming is base and the language which computers and software understand, If you want to hack application then you must learn to communicate with computer application using programming languages, That's how you can understand its behavior, logic and vulnerability and finally you can easily hack it. Every software, app or web-app you use is coded in some programming languages. You don't need to learn all languages only few important one, However all languages have same logic, its only the matter of codes and commands. So now if you wanna break something, first of all learn everything about it. And that's why everybody suggest you to learn programming before learning Hacking or pentesting.

You Must Read : Important Programming languages for Ethical Hackers

Why you should learn Networking too?



Well, If you want to become Network or Web Pentestes you must know networking, because the application you'll penetrate or hack is on Network. If network protocols or system are vulnerable everything can be hacked. Network is almost everywhere, All apps are moving on cloud and cloud storage is evolving very fast. Every Web Applications and sites runs on network protocols - TCP/IP, HTTP etc... It's really very highly recommended you to learn and understand how all these protocols communicates with each other.

Where can you learn Programming and Networking? (Sources of learning)


Google, The best place to learn anything you want to. All you need is curiosity, passion and determination. You can read blogs, download eBooks, and watch video tutorials. That's all, there are tons of resources all you need is step forward and start learning. For programming w3schools and tutorialspoint are best. Now to learn networking read eBooks and watch video explanations. Although you can also join any institute or classes to learn programming and networking, but don't sit and think - start learning and exploring.

You Must Read : How to become Professional Ethical Hacker

Thanks for reading, Hope you liked it. If you have any doubt feel free to comment. And don't forget to share.