Hands-On Bug Hunting for Penetration Testers

By : Joe Marshall, Himanshu Sharma

Overview of this book

Bug bounties have quickly become a critical part of the security economy. This book shows you how technical professionals with an interest in security can begin productively—and profitably—participating in bug bounty programs. You will learn about SQLi, NoSQLi, XSS, XXE, and other forms of code injection. You'll see how to create CSRF PoC HTML snippets, how to discover hidden content (and what to do with it once it's found), and how to create the tools for automated pentesting workflows. Then, you'll format all of this information within the context of a bug report that will have the greatest chance of earning you cash. With detailed walkthroughs that cover discovering, testing, and reporting vulnerabilities, this book is ideal for aspiring security professionals. You should come away from this work with the skills you need not only to find the bugs you're looking for, but also to choose the best bug bounty programs to participate in, and to grow your skills moving forward in freelance security research.
Table of Contents (16 chapters)

To get the most out of this book

To get the full experience following through the exercises, you should have a basic background in web application development: understanding, at a high level, the general patterns that power the modern web (for example, server-client, cookies as authentication, HTTP as a stateless protocol), as well as being comfortable with basic web technologies such as HTML/CSS, JavaScript, the browser, TCP/IP, and others. Having some penetration testing experience is helpful, but not strictly required. We also make regular use of the command line in this work, but there are often GUI-related workarounds.

If you have gaps in any of the above topics, I encourage you to still give the book a try. Additional resources, illustrative examples, and links to outside pentesting resources are designed to provide more context if you're stumped on any particular section.

Download the example code files

You can download the example code files for this book from your account at www.packt.com. If you purchased this book elsewhere, you can visit www.packt.com/support and register to have the files emailed directly to you.

You can download the code files by following these steps:

  1. Log in or register at www.packtpub.com.
  2. Select the SUPPORT tab.
  3. Click on Code Downloads & Errata.
  4. Enter the name of the book in the Search box and follow the onscreen instructions.

Once the file is downloaded, please make sure that you unzip or extract the folder using the latest version of:

  • WinRAR/7-Zip for Windows
  • Zipeg/iZip/UnRarX for Mac
  • 7-Zip/PeaZip for Linux

The code bundle for the book is also hosted on GitHub at https://github.com/PacktPublishing/Hands-On-Bug-Hunting-for-Penetration-Testers. In case there's an update to the code, it will be updated on the existing GitHub repository.

We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!

Conventions used

There are a number of text conventions used throughout this book.

CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "Mount the downloaded WebStorm-10*.dmg disk image file as another disk in your system."

A block of code is set as follows:

import sys, json
from tabulate import tabulate

data = json.load(sys.stdin)

rows = []

When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:

import sys, json
from tabulate import tabulate

data = json.load(sys.stdin)

rows = []

Any command-line input or output is written as follows:

docker run -p 8081:8080 -it webgoat/webgoat-8.0 /home/webgoat/start.sh

Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "Select System info from the Administration panel."

Warnings or important notes appear like this.

Tips and tricks appear like this.