Penetration Testing mailing list archives

RE: Hacking and Building Web Applications

From: "Swaminathan, Balaji" <Balaji.Swaminathan () kla-tencor com>
Date: Thu, 7 Jan 2010 17:30:24 +0530


Thanks. How about trying Xmapp and Damn Vulnerable Web Application and
testing them? I came to know about this from someone. Also is OWASP the
best methodology to follow? 

Regards,

Balaji Swaminathan .M



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of J. Bakshi
Sent: Tuesday, January 05, 2010 6:14 AM
To: Swaminathan, Balaji
Cc: pen-test () securityfocus com
Subject: Re: Hacking and Building Web Applications

On Mon, 4 Jan 2010 20:46:40 +0530
"Swaminathan, Balaji" <Balaji.Swaminathan () kla-tencor com> wrote:

<snip>

Hi all,

 Just started learning abt penetrating Web applications since last 1
month which is going to be my part of job shortly. To start with, I am
basically not from the programming background. So spending time in
learning them starting with Javascript, ASP, SQL, PHP etc (assuming

Testing and Hacking Methodologies (similar to OWASP, SANS etc)

</snip>

- To check the webserevr for security hole you can use nikto
- To check the server for hole you can use openvas
- Try bcktrack distro.

Thanks


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review
Board

Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs require
a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

Current thread:

RE: Pentesting lab, (continued)
- RE: Pentesting lab Swaminathan, Balaji (Jan 04)
  - Re: Pentesting lab s3c.b3n (Jan 04)
  - RE: Pentesting lab Elliot Fernandes (Jan 04)
    - RE: Pentesting lab Swaminathan, Balaji (Jan 04)
    - RE: Pentesting lab Elliot Fernandes (Jan 05)
    - Hacking and Building Web Applications Swaminathan, Balaji (Jan 05)
    - Re: Hacking and Building Web Applications Morgan Reed (Jan 06)
    - RE: Hacking and Building Web Applications Swaminathan, Balaji (Jan 11)
    - Re: Hacking and Building Web Applications Morgan Reed (Jan 11)
    - Re: Hacking and Building Web Applications J. Bakshi (Jan 06)
    - RE: Hacking and Building Web Applications Swaminathan, Balaji (Jan 11)
    - Re: Pentesting lab charles watathi (Jan 06)
    - Re: Pentesting lab s3c.b3n (Jan 11)
    - Re: Pentesting lab s3c.b3n (Jan 11)
  - Re: Pentesting lab Prince Pro (Jan 05)
    - Re: Pentesting lab s3c.b3n (Jan 11)