Web pentesting isn’t just about finding bugs and writing reports — it’s a process of deeply understanding how systems work, how developers think, and discovering the cracks that builders can’t see.
But after spending time doing pentests, I realized: finding bugs is only half the story. The other half is making sure those bugs never come back — and that’s why Application Security exists.
The 5-Phase Roadmap
I’m following a structured roadmap, from mastering hands-on pentesting to building a comprehensive security program:
Back when I was still a student (and a forum lurker), OSCP felt like something impossibly grand. Like looking up at a star in the sky and thinking “yeah, that’s beautiful” — never daring to imagine actually reaching it.
Then I graduated. Got a job. Had some money. One day I opened the OffSec registration page and thought: let’s just give it a shot.
And so it began.
Honestly, I Procrastinated a Lot
Truth is, the gap between when I “started studying for OSCP” and when I actually sat down to study seriously was pretty long. There were many evenings that should have been spent grinding labs but were wasted on pointless stuff instead.