Home page logo

pen-test logo Penetration Testing mailing list archives

Hacking and Building Web Applications
From: "Swaminathan, Balaji" <Balaji.Swaminathan () kla-tencor com>
Date: Mon, 4 Jan 2010 20:46:40 +0530

Hi all,

 Just started learning abt penetrating Web applications since last 1
month which is going to be my part of job shortly. To start with, I am
basically not from the programming background. So spending time in
learning them starting with Javascript, ASP, SQL, PHP etc (assuming that
I am going in the correct way). But the chances of testing the Web Apps
will not be much more due to the constraints put forward by my client.
So I am planning to build some web apps (probably vulnerable....!) on my
own and trying to hack into it. From the testing point of view, I am
going through OWASP 2007 standards and some by SANS. I feel the OWASP
methodology to be pretty self-explanatory, easier and good in concept
wise. Also I am following Web Applications Hacker's Handbook, which also
seems to be a good source.


Ofcourse, there will be much more things that needs to be known, that
what I am learning right now. One more fact from my side is, I am not
learning from from a pure developer point of view concentrating on
things like Flash, Animation, Presentation etc. I mean not from the
desgining perspective, but rather from a "logical n concept oriented
angle" (something like Session script, Cookie generating scipt etc) that
helps to test, analyze and hack Web Apps. 


Please do suggest:


What are the prog languages that needs to be known and probably with
some good online sources, that can help me in learning them as quick as

Requirements, Considerations and methodologies in designing web

Testing and Hacking Methodologies (similar to OWASP, SANS etc) 

Is there any other things that needs to be focused? 

Would be really grateful if you can help me out in this. Thanks in



Balaji Swaminathan .M

This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]