I’ve been in IT for over 18 years, starting in 1st-level helpdesk support and progressing to a system administrator role. To be considered an expert, they say you need about 10 years in the field, so I feel pretty solid in my 18+ years of knowledge. Lately, I’ve also taken an interest in web development. I’m the first to admit that I’m no coder, and everything I’ve built has been for internal use only; at this stage, that’s where I’m comfortable.
The IT landscape has shifted significantly over my career, moving from on-premises setups to more cloud-based solutions. Years ago, we had over 130 in-house Windows servers, but that number is now less than a third as systems migrate to the cloud. Cybersecurity has grown rapidly, and as IT professionals, we’re deploying more online systems than ever. With data breaches becoming more frequent, it’s essential to understand what’s happening behind the scenes.
When it comes to deploying workstations, servers, or NAS devices, I instinctively know the steps to secure them. But with web applications, I’m often relying on the companies behind them to prioritize security. While bug bounty programs help keep developers accountable, it’s concerning that in 2024 we’re still hearing about plaintext credentials, SQL injections, XSS vulnerabilities, and other security flaws. So, what exactly are these vulnerabilities, and how do they work? Well, it’s time to find out.
When I code, I sometimes wonder if I might be introducing vulnerabilities that could leave unintended gaps, potentially inviting hackers to exploit my applications and embed themselves in my systems. This made me think about the risks and inspired me to learn more about secure coding.
Luckily, I have a small training budget at work, so I figured, why not use it to dive into Application Security (AppSec), learn through hands-on experience, and learn from my mistakes? There’s a lot to absorb, and while online resources are a great start, many hands-on labs created by experts offer valuable, practical learning opportunities. I’ve always enjoyed understanding how things work under the hood, so I decided to build a PHP application with a MySQL backend as a custom CMS, using it as a foundation to reinforce what I’m learning and teach me to code more securely.
I figured the best place to start would be with an administration portal, as every CMS includes one. So, with the help of AI, I began building it. I started by asking for guidance on setting up a basic administration portal and tailoring it as a training tool for my learning journey.
I’ll be using the popular LAMP stack (Linux, Apache, MySQL, and PHP). Since Linux servers aren’t my strongest area, I set up an Ubuntu 22.04 server and installed Virtualmin to ensure that LAMP is configured correctly, focusing more on the coding than on the server setup.
Because this project is entirely internal in my lab, I decided to go all out: I set up internal DNS servers, a local Certificate Authority (CA), and I plan to add a mail server later on to fully simulate a real-world server environment. As I mentioned, I’m not comfortable deploying my application on the public web just yet.
I’m stepping out of my comfort zone, and I’m sure I’ll make a few newbie mistakes along the way. Let’s see if this old dog can learn some new tricks!