Topic: Advice wanted for next step (Read 2943 times)
charliemong
« on: September 01, 2010, 09:07:09 AM »

Hi Guys,

As I have mentioned in my other post, I am looking to move into pen testing. Could someone give me some pointers in the right direction? The CEH, from what I have read on here and other forums, falls flat on practical hands-on learning. The OSCP seems to be a more hands-on learning experience. Since joining this website I have been looking into SQL injection and a few other things which I have been having a ball with.

I am interested in advice and some pointers as to which route I should take. I have also picked up on learning Python properly. I know I have a long route in front of me but enjoy learning and practicing stuff.

Thanks in advance

If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.
- Sun Tzu
MaXe
« Reply #1 on: September 01, 2010, 09:21:39 AM »

If you want hands-on (practical) experience then I can only advise you to do the OSCP course.

If you don't feel ready for the course then I suggest some self-study, and if you're into SQL injection and similar (web application security) then you should begin to learn a dynamic web language such as PHP or ASP in order to understand the vulnerabilities even better, if you don't already know these.

When you know this, and of course HTML too, then it's easier to understand how the vulnerabilities work, why they exist, how to find them and how to patch them.

Those are just my recommendations though.

I'm an InterN0T'er
charliemong
« Reply #2 on: September 01, 2010, 10:06:12 AM »

OSCP it is then. Will get my head in lots of books and VMs before I even look at booking this.
Ketchup
« Reply #3 on: September 01, 2010, 05:20:30 PM »

OSCP is great. I also think that some self-study will help you with web app security. For example, you can look into Damn Vulnerable Web Application. It has your typical web app vulnerabilities. There are also sites like hackthissite.org that offer tutorials and missions for hacking web apps.

~~~~~~~~~~~~~~
Ketchup
charliemong
« Reply #4 on: September 02, 2010, 05:48:04 AM »

Hi Ketchup,

Have spent the last 2 nights on the hackthissite.org. One of the lads at work mentioned it. It's a really cool site and have been going through some of the tutorials. Have just downloaded the Damn Vulnerable Web Application at work and will be having a play with it on me lunch. Can you point me at any books that will get me thinking??

Seem to be reading too much online and some books will be good for just before bed.
UNIX
« Reply #5 on: September 02, 2010, 06:25:07 AM »

You could take a look at the book reviews section. There are quite a few must-reads in my opinion, but it really depends on which aspect of security you are interested in.

Regarding web security I can certainly recommend The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws.