Penetration Testing mailing list archives
Re: Hacking and Building Web Applications
From: Morgan Reed <morgan.s.reed () gmail com>
Date: Wed, 6 Jan 2010 13:25:39 +1100
On Tue, Jan 5, 2010 at 02:16, Swaminathan, Balaji <Balaji.Swaminathan () kla-tencor com> wrote:
Just started learning about penetrating Web applications for the last 1 month, which is going to be part of my job shortly. To start with, I am basically not from a programming background. So I am spending time learning them, starting with Javascript, ASP, SQL, PHP etc. (assuming that I am going in the correct way). But the chances of testing the Web Apps will not be much more due to the constraints put forward by my client. So I am planning to build some web apps (probably vulnerable....!) on my own and try to hack into them. From the testing point of view, I am going through the OWASP 2007 standards and some by SANS. I feel the OWASP methodology to be pretty self-explanatory, easier and good concept-wise. Also I am following Web Applications Hacker's Handbook, which also seems to be a good source.
Writing and exploiting your own Web Applications is not likely to provide a particularly good outcome learning-wise. Go look at the following.

The Hacme series of web applications from Foundstone
<http://www.foundstone.com/us/resources-free-tools.asp>

Damn Vulnerable Linux also has a number of exploitable web applications
<http://www.damnvulnerablelinux.org/>