web applications pen Testing and samurai framework for web applications testing

https://www.tutorialspoint.com/penetration_testing/penetration_testing_quick_guide.htm (step by step procedure on manual testing and automated pen testing)
 Penetration testers knowledge and expertise: 
Black hat attack methodologies (e.g., remote access attacks, SQL injection)
Internal and external testing (i.e., perspective of someone within the network, perspective of hacker over Internet)
Web front-end technologies (e.g.,Javascript, HTML)
Web application programming languages (e.g., Python, PHP)
Web APIs (e.g., restful, SOAP)
Network technologies (e.g, firewalls, IDS)
Networking protocols (e.g., TCP/UDP, SSL)
Operating systems (e.g., Linux, Windows)
Scripting languages (e.g., python, pearl)
Testing tools (e.g., Nessus, Metasploit)
In short, penetration testers provide a deep look into the data security of an organization.
https://www.netsparker.com/blog/web-security/getting-started-web-application-security/
https://searchsecurity.techtarget.com/tip/5-step-checklist-for-web-application-security-testing
https://www.tutorialspoint.com/penetration_testing/penetration_testing_quick_guide.htm
https://www.guru99.com/web-application-testing.html
http://www.internet-computer-security.com/VPN-Guide/SSL-VPN.html
https://sectools.org/tool/samurai/
https://www.apriorit.com/dev-blog/622-qa-web-application-pen-testing-owasp-checklist

What are the Skill-Sets of Ethical Hackers?
Expert ethical hackers have the following skill-sets to hack the system ethically

• They must be trustworthy.
• Whatever the risks and vulnerabilities, they discover while testing the system, they have to keep them confidential.
• Clients provide confidential information about their system infrastructure such as IP address, password, etc. Ethical hackers need to keep this information confidential.
• Ethical hackers must have sound knowledge of computer programming, networking and hardware.
• They should have good analytical skills to analyze the situation and speculate the risk in advance.
• They should have the management skill along with patience, as pen testing can take one day, one week, or even more.

What do Ethical Hackers do?
Ethical hackers (while performing penetration testing) basically try to find the answers to the following questions −

• What are the weak points that a criminal hacker can hit?
• What can a criminal hacker see on the target systems?
• What can a criminal hacker do with that confidential information?

Moreover, an ethical hacker is required to address adequately the vulnerabilities and risks, which he found to exist in the target system(s). He needs to explain and suggest the avoidance procedures. Finally, prepare a final report of his all ethical activities that he did and observed while performing penetration testing.

SSL VPN (Secure Socket Layer VPN)

       Now vendors have started making use of the SSL application layer protocol in conjunction with VPN’s. SSL provides excellent security for remote access users as well as ease of use. SSL is already heavily used such as when you shop online, accessing your bank account online, you will notice an SSL protected page when you see the “https” in your browser URL bar as opposed to “http”. The difference in using SSL VPN is, with IPSec a remote user would require client software and would need to configure this. However with SSL VPN you do not need any client software as you log into a portal. You just need the URL address and use a web browser to access the portal.The portal is a GUI interface that is accessed via a web browser and contains tools and utilities in order to access applications on the network such as RDP and Outlook. SSL VPN can also imitate the way IPSec works via a lightweight software client that can be configured and installed without much effort, which simplifies the process in securely accessing the corporate network.

       For a first time VPN user using SSL they would access the VPN gateway via their web browser either using an IP address or a domain name. This would take them to a GUI asking them to log in. To imitate that of the way IPSec works (giving full access to the network from a client) client software can be installed via ActiveX or Java. When client software has been installed, remote user would be able to login which will create a VPN tunnel from remote user to VPN gateway. Now the end user will have access to their network resources.

         The client software installed through a web browser is a breeze and in fact you would not notice much at all. All the settings are configured for you, and it is as simple as clicking a button when installing client software for SSL VPN.

Nessus tool, Code development of web applications and networking

Nessus tool report analysis
https://virginia.service-now.com/its?id=itsweb_kb_article&sys_id=75e70054dbb553404f32fb671d9619d5
https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H (CVSS report analysis)
https://www.greycampus.com/opencampus/ethical-hacking/sniffing-and-its-types (SNIFFING types)
web applications
https://developers.google.com/web/tools/lighthouse/audits/oversized-images
https://securityintelligence.com/a-step-by-step-guide-to-vulnerability-assessment/  (security news for updates)
https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html (OWASP cheat sheets)
https://www.hackingarticles.in/sessions-command-metasploit/ (Hacking Articles)

https://www.greycampus.com/blog/information-security/penetration-testing-step-by-step-guide-stages-methods-and-application (Pen Testing - step by step guide)

https://www.eurovps.com/blog/important-linux-log-files-you-must-be-monitoring/ (Linux commands - Log files)

session tokens, cookies and networking

https://www.enisa.europa.eu/events
https://www.first.org/cvss/calculator/3.0 (CVSS calculator)
https://tools.cisco.com/security/center/cvssCalculator.x (online CVSS calculator - interactive)
https://www.first.org/cvss/specification-document#3-1-Exploit-Code-Maturity-E (CVSS 3.1 guide)
https://www.recordedfuture.com/cvss-scores-guide/ (CVSS score guides)
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator (CVSS score  calculation procedure)
https://rhinosecuritylabs.com/landing/network-penetration-test-report/ 
https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-sticky-sessions.html
https://www.tecmint.com/tcpflow-analyze-debug-network-traffic-in-linux/
https://searchnetworking.techtarget.com/answer/How-to-interpret-test-scan-results-to-assess-network-vulnerability
https://www.us-cert.gov/ncas/analysis-reports/AR19-100A
https://security.berkeley.edu/faq/nessus-network-vulnerability-scanning
https://engineering.purdue.edu/kak/compsec/NewLectures/Lecture29.pdf

Hackers club tools
https://hackersonlineclub.com/vapt-tools/
https://hacken.io/research/education/how-much-does-penetration-test-cost-or-price-of-your-security/ (cost of pen test analysis)
https://searchsecurity.techtarget.com/feature/Choose-the-best-vulnerability-assessment-tools
https://www.enisa.europa.eu/topics/csirts-in-europe/glossary/vulnerabilities-and-exploits (Vulnerables repository)
https://www.exploit-db.com/ (oldest vulnerables repository)
https://snyk.io/vuln (existing vulnerabilities repository database)

Amazon Web Services(aws)
https://www.andreafortuna.org/2018/07/18/tcpdump-a-simple-cheatsheet/
https://virginia.service-now.com/its?id=itsweb_kb_article&sys_id=75e70054dbb553404f32fb671d9619d5 Plugin are similar to virus information

Nessus security centre (Tenable.sc) tool
https://www.tenable.com/sc-report-templates/tcp-metrics-report
https://gf.dev/website-audit  (website testing)
https://www.bonkersabouttech.com/security/40-plus-list-of-intentionally-vulnerable-websites-to-practice-your-hacking-skills/392 (vulnerable sites to practice)
(windows 10 64bit .iso iage to download) https://zillowtech.com/download-windows-10-iso.html
https://www.technewsworld.com/story/54411.html 

CEH tools tutorials

https://github.com/enaqx/awesome-pentest (download all CEH tools and its books)

Netsparker

https://www.netsparker.com/plans-comparison/
https://ethical-hacking.soft112.com/
https://www.dr-farfar.com/netsparker-professional-full/ (netsparker tool -download cracked version V5.3.0.24388)

web application vulnerabilities and HTTP protocols

https://medium.com/@TechExpertise/owasp-top-10-web-app-vulnerabilities-over-time-8997af9cb13a


https://www.httpdebugger.com/http/http_protocol.html
https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html


https://intellipaat.com/blog/interview-question/ethical-hacking-interview-questions/



Cheatsheet- XSS Filter evasion
https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet 

CISSP certification

https://www.guru99.com/cissp-certification.html

Match the Eligibility Criteria: Key prerequisites

• You need atleast 5 years cumulative paid full-time work experience in at least two domains of the CISSP Common Book of Knowledge.
• Getting 4-year college education degree or a regional equivalent of a cissp credential from the (ISC)2 approved list. This helps you to satisfy 1 year of the required experience.
• If you don't have the needed experience to become a CISSP professional, you can become an Associate of (ISC)2 by passing the basic level the CISSP examination.
• The Associate of (ISC)2 will then get 6 years to earn the 5 years required experience.
• Once you get the certification, you should recertify it after every 3 years. Recertification is accomplished by earning continuing professional education (CPE) credits and paying an annual membership fee.

SaaS pen testing tutorials and questions

https://blog.cobalt.io/pen-testing-for-saas-companies-f472f4e72e44
https://www.breachlock.com/penetration-testing-for-saas-companies/
https://techbeacon.com/enterprise-it/pen-testing-cloud-based-apps-step-step-guide

https://oer.galileo.usg.edu/cgi/viewcontent.cgi?article=1009&context=compsci-collections (network security and penetration testing)

http://www.c4learn.com/c-programming/c-pre-processor-directives/