Hello, Yogesh Prasad. Introduce Yourself To Our Readers
Hello everyone! I am Yogesh Prasad. I am an Ethical Hacker and Security Researcher from New Delhi (India). Currently I am working as a Cyber Security Analyst at Indian Cyber Army. I have been acknowledged and appreciated by many MNCs including Google, CISCO, Intel, Nokia, Seagate, Nvidia, Ebay, Eset and many more. Some of my achievements can be found on my website.
When Did You Start Hacking And Tell Us About Your Experience
I spend most of my time on the internet learning new things in the IT world. At the age of 18, I heard of hacking for the first time. But at that time I had a negative perception of hacking, like most people have of it. I started learning hacking from the internet (mostly Black Hat) for fun. But after a few months I came to know that security also exists somewhere in the hacking world.
Then I started learning about the security part of hacking, but I was still not aware of Bug Hunting. After a long time, at the age of 21, I found a post about bug hunting on Facebook. Then I searched on Google about it and found something interesting. After that I applied my penetration testing skills to bug hunting and reported critical vulnerabilities to top MNCs like Google, CISCO etc.
What did you study?
I did my B.C.A from Gujranwala Gurunanak Institute of Management & Technology and M.C.A from Bharat Institute of Technology, School of Engineering, Meerut.
How Did You Start Learning Hacking And Who Taught You?
See, hacking is a word which normally creates a negative perception in the mind of a human being. The condition is the same with the parents of all of us. So we can understand what the reaction of our parents would be when we tell them we want to become a hacker. So I had gone through the same situation. So instead of asking my parents about learning ethical hacking from an institution, I started learning hacking on my own with the help of Google and some other useful websites and forums.
“As per my perception, hacking is a field of research, so no one can teach you hacking better than Google and your research.”
Which Website/System Did You First Break Into? What’s The Vulnerability?
As a security researcher, I broke into a well-known school website (can’t disclose the name). The interesting part is that they still didn’t fix the vulnerability. I reported it more than 3 times but I still didn’t get any reply. The website has 10+ cross-site scripting vulnerabilities. I can say the website is full of XSS. I don’t know why they don’t want security for their website.
What Advice Will You Give To Beginners Coming Into This Field?
See, as per my experience most people want to be hackers, but the main problem is that they really don’t know what the right steps are to start in this field. Whenever a person wants to start in hacking, he/she tries to search some negative keywords on Google like “Hacking tricks”, “How to hack Facebook/Gmail/Wifi Password” etc., which leads them to black hat hacking, and after some time they get involved in cyber crime activities.
This gives a negative perception to all people. So apart from hacking, one needs to know what hacking is all about. We need to understand what the result of doing unethical hacking may be. So we need to start hacking with the guidance of cyber security experts, which will help them not to do cyber crimes.
So finally I will say “Be a Security Professional, Don’t be a Hacker”.
Is Programming Language Really Important, Why? And Which Language To Learn
If you want to create your own hacking/security tools then you must go with Python. So finally I can say a programming language is not mandatory in hacking, but you should learn it for additional and better support in hacking.
What Methodology Do You Use When Participating In A Bug Bounty
Nowadays most bug hunters start bug hunting on a website using a scanner like Acunetix, Nessus etc., copy the results from the scanner and report them to the client, but this is not a good idea for bug hunting. If you want to be a successful bug hunter then first of all start learning OWASP and learn the concept of every attack, how they work and how they can be exploited.
Then perform both scanner and manual testing on the website (don’t use a scanner in case the website owners don’t give you permission to use one). After testing for vulnerabilities, start thinking about the attack scenario and create a POC as per your thinking, not from the scanner.
How Do You Keep Your Skills Fresh?
No doubt, no one can become a good hacker without updated knowledge of the latest technology, attacks and security techniques. So in my case, I always keep myself updated on the latest technologies, attacks and security techniques by reading hacking blogs, forums and tech news, and attending workshops/seminars/webinars/conferences.
What Do You Think Of The Future Of Bug Bounty Programs?
Without any excuse or doubt, bug hunting has a great future. It is helpful for both bug hunters and websites. Bug hunters can get experience of working on live projects in bug hunting and can generate a massive amount of money from it. On the other side, website owners get the opportunity to get their website tested by all the brilliant hackers of the world without hiring them.
What Are The References/Best Resources To Get Started?
As I already said, Google is the best resource for learning bug hunting. There are a lot of e-books which cover all the concepts of Web Application Penetration Testing and Security and OWASP.
You can also go to my website http://yogeshprasad.com/ which has some useful stuff for bug hunters, including POCs of my findings on websites of top MNCs.
Here is a list of websites which will help you to learn WAPT and OWASP.
Thanks Yogesh for your time 🙂