I am in the early stages of learning and getting certs, but one of the most intimidating things so far is 1: trying to understand wth they are even saying, and 2: understand all the complex and ‘intimidating’ terms arent even that crazy.
For example, learning about basic sql attacks. Everyone is slinging all these terms around about ‘intercepting the traffic’ and ‘injecting the weaponized payload’ and I’m thinking ‘holy $$$$ what are they even talking about?’
Spend like an hour reading and realize its just simple changing the url to change the request to break the back end. I laughed, why the heck dont they say that from the beginning? Not as cool I guess? It seriously makes it hard as a beginner.