Skip to content

How do I start security testing?

There are many testers and hacking aspirants who write to me seeking guidance to learn security testing / hacking. I prepared a list to send for everyone. Then I thought of publishing the same on my blog so that I just give out my blog post URL and then can see it here. Even it helps for others who are landing here by searching on Google or any other search engine. So, here you go.

Web resources
Security testing checklist –
Security testing add-on(s) mind-map
Sysinternals Suite – Bunch of awesome utilities for testing activity – Google it and download the zip
file from Microsoft website.
Some of the security testing checklist mind-map by Darren McMillan –

Books suggested
The Art of Deception by Kevin Mitnick ( – It’s available)
Hacking for Dummies by Kevin Beaver (e-book available at – Search it there)
Web Services Hacking by Sreeraj Shah (Web Services Testing Book)

Learning to hack on these websites
There are different levels here and it gets more and more difficult over the duration after you
complete the exercise. Please do not look into solutions or google for it or else it is fun destroyer.

Things to do once back to desk
1. Install add-ons which can help you to perform security testing
2. Install Burp Suite, WebScarab
3. Subscribe to some of the hacking news and just read the headlines whenever you get time
4. Have passion for hacking / security testing / penetration testing
Follow these guidelines and you will


I have been as a software tester for over 5 years. I am a hands-on tester and I've been winning bug battles & testing competitions across the world. I am a testing enthusiast, who conducts free workshops on security testing across India (Covered locations: Bengaluru, Pune, Hyderabad & Chennai. Invite him to come to your location), and monthly meets for testers in Bengaluru. I am also an avid testing blogger.

My interests include traveling, driving my SUV, health & fitness and many others. I mentor budding entrepreneurs, testers, teams in any profession.

Latest posts by SanthoshTuppad (see all)



  1. Gagan wrote:

    Thanks for sharing the great resource Santhosh.

    Monday, May 14, 2012 at 11:48 pm | Permalink
  2. Vinayak Tejaswi wrote:

    Aprreciate it !!

    Tuesday, May 15, 2012 at 11:12 am | Permalink
  3. Great list Santhosh.

    Tuesday, May 15, 2012 at 7:29 pm | Permalink
  4. Del Dewar wrote:

    Nice list,

    Your addon-mindmap-fortesters-
    from-moolya link appears to be broken however…

    Wednesday, May 16, 2012 at 5:33 am | Permalink
  5. Del, Thanks :) There was formatting problem as some part of URL was coming in next line. Now, I have formatted it properly and the link works.

    Wednesday, May 16, 2012 at 9:42 pm | Permalink
  6. i’ve found web goat very useful in this. webgoat tool is an open source tool that i used initially for practicing website security testing sometime in the past.

    Saturday, June 30, 2012 at 3:27 am | Permalink
  7. Hi Santosh,
    Thanks for sharing :)

    I see Your Name column in comments doesnt accept: “Srinivas Kadiyala (@srinivasskc)”

    Is there any restriction, not to accept more than 19 characters?

    Friday, July 5, 2013 at 8:40 pm | Permalink
  8. The maxlength is 20. It is not really 19 characters, but more than 20 characters. I wanted to give you a tip here for your learning: You can find it out by yourself if there is a restriction by looking into maxlength attribute by inspecting the element of text field. Or else via source code (Right click and then view-source).

    Thanks for your comment.

    Monday, July 8, 2013 at 8:00 pm | Permalink

One Trackback/Pingback

  1. Five Blogs – 16 May 2012 « 5blogs on Tuesday, May 15, 2012 at 10:36 pm

    […] How do I start security testing? Written by: Santhosh Tuppad […]

Post a Comment

Your email is never published nor shared. Required fields are marked *