Hey All.
I'm a student close to graduating and I am getting ready to start taking cybersecurity more seriously and really want to start learning the tricks of the trade.
I have been working on things I can add to my resume but I am trying to gauge whether or not trying for some HackerOne bounties would be a worthwhile learning experience, if not a good way to make some extra cash hopefully.
I tried scanning an APK freshly posted on there with a free vulnerability detector (I know this probably isn't where the pros would start) just to see if I could make sense of what results I got.
The whole Android app looks pretty vulnerable and seemingly ignores a lot of best practices I have been reading about when it comes to security.
There are a few things I can tell are wrong with what I'm looking at but I'm not sure what type of testing methods I should try out first. The APK seems to have many flaws which would be easily exploited through:
Man in the middle scenario
Code injections
Brute force credentials guessing due to insecure RNG usage
At least that's what the detector program is seeing...
Anyway, if there is anything I should start with or if you wanna know more about the vulnerabilities please let me know! Would really appreciate some help getting started with all this.