Is there any way to get hands-on experience with Web Application testing while not working as a tester? Are there any initiatives where people post their production and real-world apps for people to test them?
- What you are asking for is "bug bounties". Many companies have them. – schroeder Jan 13 '17 at 16:25
- You can also mine the entirety of GitHub. – schroeder Jan 13 '17 at 16:26
- Install any open source web application on a local box and attack it? Most open source projects will be appreciative of security reports, but do check how they prefer to receive these, especially if you find anything particularly serious. – Matthew Jan 13 '17 at 16:38
2 Answers
If you're talking about "real-world" applications to test, then like schroeder mentioned, bug bounties are your best bet. But then, while companies have them, there are a few online platforms where you can find a bunch. Examples -
You register with these platforms and more or less just start pentesting live websites like Uber, Netflix, etc. (make sure to follow their terms and conditions!). These are just the tip of the iceberg. Many companies provide their own bug bounty programs, competitions and so on. Beyond these, well, you could always install instances of buggy applications (WebGoat, etc.) and practice more.
You can also try some of the competitions where real web applications are put up for candidates.
I personally started with https://ctf365.com/.
There are more such challenges in the below question