Title: Just another guy asking suggestions for learning the basics of Web-Exploitation
Post by: manoj9372 on November 11, 2010, 03:14:25 AM

As the title says, I am looking forward to building a strong base in learning Web-Application hacking and exploitation.
For now I am not looking for advanced stuff such as understanding coding, playing inside xamp and wamp locally. I am just interested in understanding the basics of those attacks and how they work, like that... For now I am looking specifically to understand the basics of the following, just basics because once I understood the basics of these attacks,

1) SQL
2) blind SQLi
3) Directory traversal attacks
4) XSS
5) CSRF
6) basics of WAF
7) basic working operation of shells
8) log-in authentication bypass
9) working of Web Application firewalls and how they are implemented..

I know for SQL and blind SQLi I can find a lot of materials on here and also on hackforums, but my concern is they are mostly looking forward to attacking the site instead of focusing on the basics of how it works..

So please give me some advice/guidance based on your personal experience...

Hope I will get some specific advice ;D

Note: I am not a coder ...

Title: Re: Just another guy asking suggestions for learning the basics of Web-Exploitation
Post by: MindOverMatter on November 11, 2010, 03:41:01 AM

Hi manoj9372,
I know you said you wanted some specific advice, so my post may not be much of a help. However, I can say that some of the best Web-Application content I've seen is the module by Armando at eLearnSecurity. I'm actually going through it now and it is very good, in depth, yet easy to understand and step by step. Of course it's not free, other than the SQL Injection portion, but it is worth it in my opinion. This is coming from someone without a Web Application background, plus many on the forum here have said that it is the strongest compared to other courses.

Just my 2 cents, but hope you get the advice you're looking for.

Title: Re: Just another guy asking suggestions for learning the basics of Web-Exploitation
Post by: UNIX on November 11, 2010, 05:15:11 AM

I'd recommend "The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws", which is a great book. As it seems you have very little knowledge in these areas, it's probably too advanced for you at this point, as you should already be familiar with some related topics.
Quote: For now I am not looking for advanced stuff such as understanding coding, playing inside xamp and wamp locally,

I think you got it wrong - attacking systems are not really the basics, but rather are programming, system administration etc. If you are straight going for attacking systems without really understanding how they work, you are missing a very big picture.

Maybe you might read "Hacking For Dummies" which is sometimes recommended here at EH-Net to newcomers. I haven't read it personally though, so I can't affirm this recommendation.

Title: Re: Just another guy asking suggestions for learning the basics of Web-Exploitation
Post by: MaXe on November 11, 2010, 07:49:43 AM

Quote: This is coming from someone without a Web Application background, plus many on the forum here have said that it is the strongest compared to other courses.

Looks like I have to do some serious work soon then ;D Something for people already knowing Web App Sec ;)

Title: Re: Just another guy asking suggestions for learning the basics of Web-Exploitation
Post by: MindOverMatter on November 11, 2010, 10:51:19 AM

Quote: This is coming from someone without a Web Application background, plus many on the forum here have said that it is the strongest compared to other courses.

Quote: Looks like I have to do some serious work soon then ;D Something for people already knowing Web App Sec ;)

I'm confused by what you mean, I think I have MatterOverMind, due to some overdosage of morning Cinnamon Toast Crunch...

Title: Re: Just another guy asking suggestions for learning the basics of Web-Exploitation
Post by: MaXe on November 11, 2010, 03:19:53 PM

Quote: This is coming from someone without a Web Application background, plus many on the forum here have said that it is the strongest compared to other courses.
Quote: Looks like I have to do some serious work soon then ;D Something for people already knowing Web App Sec ;)

Quote: I'm confused by what you mean, I think I have MatterOverMind, due to some overdosage of morning Cinnamon Toast Crunch...

Excuse me for being cryptic, what I meant was a course meant for pros at Web App Sec :) I know it sounds cryptic, but hehe nevermind ;D Forget what I said :-P