Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: Hacking and Building Web Applications
From: "Swaminathan, Balaji" <Balaji.Swaminathan () kla-tencor com>
Date: Thu, 7 Jan 2010 17:40:53 +0530

HI,

Can you please brief me on why it is not advisable to frame and hack our own applications? Why I am concerned here is, 
I guess it will help me understand the code behind the logic to some moderate extent and hence and facilitates the code 
review process. Please advise. Also any best testing methodology look into...?

Regards,

Balaji Swaminathan .M



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Morgan Reed
Sent: Tuesday, January 05, 2010 6:26 PM
To: Swaminathan, Balaji
Cc: pen-test () securityfocus com
Subject: Re: Hacking and Building Web Applications

On Tue, Jan 5, 2010 at 02:16, Swaminathan, Balaji
<Balaji.Swaminathan () kla-tencor com> wrote:
 Just started learning abt penetrating Web applications since last 1
month which is going to be my part of job shortly. To start with, I am
basically not from the programming background. So spending time in
learning them starting with Javascript, ASP, SQL, PHP etc (assuming that
I am going in the correct way). But the chances of testing the Web Apps
will not be much more due to the constraints put forward by my client.
So I am planning to build some web apps (probably vulnerable....!) on my
own and trying to hack into it. From the testing point of view, I am
going through OWASP 2007 standards and some by SANS. I feel the OWASP
methodology to be pretty self-explanatory, easier and good in concept
wise. Also I am following Web Applications Hacker's Handbook, which also
seems to be a good source.

Writing and exploiting your own Web Applications is not likely to
provide a particularly good outcome learning wise. Go look at the
following.
The Hacme series of web applications from Foundstone
<http://www.foundstone.com/us/resources-free-tools.asp>
Damn Vulnerable Linux also has a number of exploitable web
applications <http://www.damnvulnerablelinux.org/>

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]