How To Do Web Penetration Testing?

What's the best way for a web application developer to transition to a career as a Penetration Tester?

  • I recently graduated from Dev Bootcamp, where I learned to build web applications using Ruby, Rails and JavaScript. However, I'm considering pivoting to a career in penetration testing and ethical hacking, and I'm wondering where I would need to start. I assume it would be necessary to learn Java and/or C/C++? What else should I add to the list?

  • Answer:

    Well, to be very straightforward and to the point, I would like to mention that it's not mandatory to learn C or C++ or any language to be a pentester. With my experience, I can say that having knowledge of these will surely make your way easier, but it's not the case that you can't have a career in pentesting without learning these languages. Please note the step-by-step guidance to become a professional pentester.

    1. Collect good knowledge of the fundamentals of computers. But as you said, you are already a developer, so you might already know a lot about software and how it works, so better concentrate on hardware too.
    2. If you are a web application developer, then it's better to go into the web application and web server hacking field. Research various vulnerabilities in websites, basically SQL Injection, DNN, DOS, XSS, RFI, LFI etc. Read about what, why, when and how.
    3. Also learn the basic concepts of database management, networking and internet protocols.
    4. After that, research and practice on Linux; Linux is the best platform to learn hacking. Try to get involved in the command line more than the GUI.
    5. Choose a top-class certificate in this field; CEH, ESCA, CCNA or CHFI to be mentioned. Check their modules, research them, prepare yourself with the help of someone and appear for the exam.

    You can mail me on for any more details you want.

Palashh Baraniya at Quora
