Announcing Our New Web Security Academy!

Announcing Our New Nova Security Web Security Academy!

Hey!

So you want to learn to find security vulnerabilities in modern web applications and report them lawfully in exchange for awesome (often monetary) rewards?

If so, you've found the right place! Welcome to our brand new Web Security Academy where we will focus on getting you to find your very first security vulnerability!

By the end of this series, you'll understand how the web works, know how to work with the most used tools, such as your browser and proxy interceptor, and be able to find and fully test common (OWASP Top 10) security vulnerabilities!

Table of Contents:

  1. A quick introduction to web application penetration testing (and bug bounty), basic requirements and what to expect.
  2. How the web works: networking, the HTTP protocol, breaking down HTTP request/response elements, ...
  3. Web app penetration testing tools: your browser's console & proxy interceptor.
  4. OWASP Top 10 vulnerabilities: the security vulnerabilities most commonly found in web applications, a complete & detailed guide from understanding the fundamentals to finding your very first vulnerability.
  5. Automation: a quick & easy introduction to security vulnerability scanning.

About the Author:

This blog is curated by the founder of Nova Security. I have around 4 years of experience in web application penetration testing & bug bounties. With thousands of vulnerabilities uncovered in (popular technology) companies, and a deep computer programming background (full-stack software engineer with 4+ years of experience), I'm more than assured that you'll learn a thing or two about web security from me.

FAQ:

What is Web Application Penetration Testing?

Web application penetration testing is the process of finding security vulnerabilities, mainly in web applications but also in other web services such as APIs.
The main objective is to find as many security vulnerabilities as possible so that they can be resolved in time and kept from being used by bad actors.

What is Bug Bounty?

Bug bounty, or bug bounty hunting, is an activity in which an ethical hacker or web application penetration tester looks for security vulnerabilities inside a pre-defined scope and under an agreement with the company.
If the "bug bounty hunter" succeeds in finding a security vulnerability, they can report it to the company in exchange for a (monetary) reward, commonly referred to as a "bounty".

Is this academy suitable if I want to become a bug bounty hunter?

Yes, all the concepts you need to become a web app penetration tester overlap with bug bounty hunting.

Is Nova Security Web Academy free?

Yes, Nova Security Web Security Academy is currently completely free. This is a project that is fully sponsored by Nova Security.

Should I learn a programming language?

This is not required but a lot of penetration testers (including me) do think that having a strong web development background does give you an advantage compared to others.

Is Web Security Penetration Testing for me?

This is hard to answer as it is highly personal to each individual, something that you should have the answer to. I do recommend you set a goal in a wide enough time frame to find your very first security vulnerability and also see for yourself if you enjoyed the process.

Are there any requirements from me before I start?

Yes, you will need access to a machine with an OS that you're familiar with. This can be Windows, macOS or any Linux distribution. Basic knowledge of (front-end) web development is going to serve you well later on too.