Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Hacking and Building Web Applications
From: Morgan Reed <morgan.s.reed () gmail com>
Date: Wed, 6 Jan 2010 13:25:39 +1100

On Tue, Jan 5, 2010 at 02:16, Swaminathan, Balaji
<Balaji.Swaminathan () kla-tencor com> wrote:
 Just started learning abt penetrating Web applications since last 1
month which is going to be my part of job shortly. To start with, I am
basically not from the programming background. So spending time in
learning them starting with Javascript, ASP, SQL, PHP etc (assuming that
I am going in the correct way). But the chances of testing the Web Apps
will not be much more due to the constraints put forward by my client.
So I am planning to build some web apps (probably vulnerable....!) on my
own and trying to hack into it. From the testing point of view, I am
going through OWASP 2007 standards and some by SANS. I feel the OWASP
methodology to be pretty self-explanatory, easier and good in concept
wise. Also I am following Web Applications Hacker's Handbook, which also
seems to be a good source.

Writing and exploiting your own Web Applications is not likely to
provide a particularly good outcome learning wise. Go look at the
The Hacme series of web applications from Foundstone
Damn Vulnerable Linux also has a number of exploitable web
applications <http://www.damnvulnerablelinux.org/>

This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]