Need help starting web based bug testing

Hi guys!, 

I need help starting website bug testing. I do not know what programs to choose and where to start. If you have any advice for me please tell!

Thanks in advance!!! 

"It's not a bug, it's an undocumented feature." - Software Developer

 

"Unfortunately, no one can be told what the Matrix is. You have to see it for yourself." - Morpheus. 





Sorry, I had to give you some quotes to get you thinking. Can you please be more specific? Do you have a webserver in a production environment? What kind of bugs are you looking for? Are you using the LAMP stack? The most important thing about troubleshooting/debugging is having a straightforward and well-documented process. If you start methodically, good results will follow. 

 

Web stuff really isn't my thing but you could just use a fuzzer to find some bugs

I am looking to learn security inconsistencies in secure sites mainly. But i am open to learning anything!

If web based pentesting is what you're looking into check out webgoat and mutillidae. They are webservers that run locally and are vulnerable on purpose for people to use to help them learn web app hacking. It's mostly SQL injection vulns and XSS vulns but that's not necessarily a bad thing since there's a lot of that out there.

 

EDIT: Forgot to mention, run webgoat & mutillidae in a virtual machine as running them on your machine can make your machine vulnerable to attacks.