Penetration Testing mailing list archives
Hacking and Building Web Applications
From: "Swaminathan, Balaji" <Balaji.Swaminathan () kla-tencor com>
Date: Mon, 4 Jan 2010 20:46:40 +0530
Hi all,

Just started learning about penetrating Web applications since last 1 month, which is going to be part of my job shortly. To start with, I am basically not from the programming background. So I am spending time learning them, starting with JavaScript, ASP, SQL, PHP etc. (assuming that I am going in the correct way). But the chances of testing the Web Apps will not be many due to the constraints put forward by my client. So I am planning to build some web apps (probably vulnerable....!) on my own and try to hack into them.

From the testing point of view, I am going through OWASP 2007 standards and some by SANS. I feel the OWASP methodology to be pretty self-explanatory, easier and good concept-wise. Also I am following Web Applications Hacker's Handbook, which also seems to be a good source. Of course, there will be many more things that need to be known than what I am learning right now.

One more fact from my side is, I am not learning from a pure developer point of view concentrating on things like Flash, Animation, Presentation etc. I mean not from the designing perspective, but rather from a "logical and concept-oriented angle" (something like Session script, Cookie generating script etc.) that helps to test, analyze and hack Web Apps.

Please do suggest:

- What are the programming languages that need to be known, and probably with some good online sources, that can help me in learning them as quick as possible?
- Requirements, Considerations and methodologies in designing web applications
- Testing and Hacking Methodologies (similar to OWASP, SANS etc.)
- Are there any other things that need to be focused on?

Would be really grateful if you can help me out in this. Thanks in advance.

Regards,
Balaji Swaminathan .M