Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Hacking and Building Web Applications
From: Morgan Reed <morgan.s.reed () gmail com>
Date: Sun, 10 Jan 2010 14:47:59 +1100

On Thu, Jan 7, 2010 at 23:10, Swaminathan, Balaji
<Balaji.Swaminathan () kla-tencor com> wrote:
Can you please brief me on why it is not advisable to frame and hack our own applications? Why I am concerned here 
is, I guess it will help me understand the code behind the logic to some moderate extent and hence and facilitates 
the code review process. Please advise. Also any best testing methodology look into...?

It is not advisable to hack your own applications because this will
severely limit your exposure to different kinds of vulnerabilities,
and if you are deliberately introducing exploitable bugs you will
already know where/what they are, in a real world scenario much of
your testing will be "black box".

The other benefit of using Hacme/DVL is that their bugs are cataloged
and well documented, this means you have a metric you can use to
quantify your progress.

Certainly writing a few web applications is a good way to get the
basics down with regards to HOW they work, but I wouldn't recommend
you use this as the main part of the learning process.

This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]