Penetration Testing mailing list archives
Re: Hacking and Building Web Applications
From: Morgan Reed <morgan.s.reed () gmail com>
Date: Sun, 10 Jan 2010 14:47:59 +1100
On Thu, Jan 7, 2010 at 23:10, Swaminathan, Balaji <Balaji.Swaminathan () kla-tencor com> wrote:
> Can you please brief me on why it is not advisable to frame and hack our own applications? Why I am concerned here is, I guess it will help me understand the code behind the logic to some moderate extent and hence facilitate the code review process. Please advise. Also, any best testing methodology to look into...?
It is not advisable to hack your own applications because this will severely limit your exposure to different kinds of vulnerabilities, and if you are deliberately introducing exploitable bugs you will already know where/what they are; in a real-world scenario much of your testing will be "black box". The other benefit of using Hacme/DVL is that their bugs are cataloged and well documented; this means you have a metric you can use to quantify your progress. Certainly writing a few web applications is a good way to get the basics down with regards to HOW they work, but I wouldn't recommend you use this as the main part of the learning process.