Penetration Testing mailing list archives

Re: Hacking and Building Web Applications


From: Morgan Reed <morgan.s.reed () gmail com>
Date: Wed, 6 Jan 2010 13:25:39 +1100

On Tue, Jan 5, 2010 at 02:16, Swaminathan, Balaji
<Balaji.Swaminathan () kla-tencor com> wrote:
> Just started learning about penetrating Web applications since last 1
> month which is going to be my part of job shortly. To start with, I am
> basically not from the programming background. So spending time in
> learning them starting with Javascript, ASP, SQL, PHP etc (assuming that
> I am going in the correct way). But the chances of testing the Web Apps
> will not be much more due to the constraints put forward by my client.
> So I am planning to build some web apps (probably vulnerable....!) on my
> own and trying to hack into it. From the testing point of view, I am
> going through OWASP 2007 standards and some by SANS. I feel the OWASP
> methodology to be pretty self-explanatory, easier and good in concept
> wise. Also I am following Web Applications Hacker's Handbook, which also
> seems to be a good source.

Writing and exploiting your own Web Applications is not likely to
provide a particularly good outcome learning wise. Go look at the
following.
The Hacme series of web applications from Foundstone
<http://www.foundstone.com/us/resources-free-tools.asp>
Damn Vulnerable Linux also has a number of exploitable web
applications <http://www.damnvulnerablelinux.org/>
