Hi everyone,

I tried to collect as much as I could in this road map, but I probably forgot some stuff. If you think something is worth adding, please let me know and I will add it to the list.

Pre-requisites

  • How the internet works
    • How the browser works.
    • What is DNS and how it works?
    • How HTTP protocol works and how your website is served by the server.
    • What is TLS and how it works?
  • OS basics
    • How operating systems work in general.
    • Linux
      • How to use the terminal, and basic terminal commands.
      • Linux file system basics and how to edit system configuration.
  • Web Development
    • SQL basics (I recommend MySQL).
    • Learn a back-end language (I recommend PHP), and make sure to focus on the following topics (other topics are important too, but these are the ones you cannot miss).
      • Session Management.
      • Cookies.
      • How to interact with the database.
    • Learn front-end basics.
      • JavaScript: make sure that you understand topics such as the DOM, CORS, postMessage, WebSockets, etc.
      • Learn HTML and CSS.
    • Learn how different types of APIs work. Here are some examples:
      • SOAP.
      • REST APIs.
      • GraphQL.
    • Study different types of authentication. Here are some examples:
      • Cookie-based.
      • OAuth.
      • Basic Auth.
      • JWT.
      • SAML.

Web Security

  • Start with the OWASP Top 10; they're a must-know.
  • Start diving into the following topics (without tools).
    • SQL injection (reference)
      • In-band SQL injection
        • Error-based.
        • Union-based.
      • Inferential SQL injection (blind SQL injection).
        • Boolean-based.
        • Time-based.
      • Out-of-band SQL injection.
    • XSS
      • Reflected XSS.
      • Stored XSS.
        • Blind XSS.
      • DOM-based XSS.
    • LFI/RFI.
    • CSRF.
    • SSRF.
    • Broken Access Control.
    • XXE.
    • Insecure Deserialization.
    • Server misconfigurations.
    • Exploiting known CVEs.
    • For a more complete list, you can visit the following pages from OWASP: Vulnerabilities and Attacks
  • Find tools on GitHub to scan for the above vulnerabilities.
  • To learn how to perform recon, a good start is The Bug Hunter's Methodology v4.0 - Recon Edition.
  • For a complete methodology, check out the OWASP Web Security Testing Guide.

Note: I added recon at the very end because you first need to understand why you're doing recon. Without understanding the vulnerabilities, you will be collecting data without any knowledge of how to use this collected data.

Good Luck!