As the title says ,i am looking forward to build some strong base in learning Web-Application hacking and exploitation,

For now i am not looking for advanced stuff such as understanding coding,playing inside xamp and wamp locally,

I am just interested in understanding about the basics of those attacks
and how it works? like that...

for now i am looking specifickly to understand basics of the following,
just basics because once i understood the basics of these attacks,

1)sql
2)blind sqli
3)Directory traversal attacks
4)xss
5)CSRF
6)basics of WAF
7)bacis working operation of shells
8)log-in authentication bypass
9)working of WebApplication firewalls and how it is implemented..

I know for sql and blind sqli i can find lot of materials on here and also on hackforums,but my concern is they are mostly looking forward to attack the site instead of focusing on the basic operations of it works..

So please give me some advice/guidance based on your personal experience,...


Hope i will get some specific advice 


Note:I am not a coder ...

I'd recommend "The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws", which is a great book. As it seems you have very little knowledge in these areas, it's probably too advanced for you at this point, as you should already be familiar with some related topics.


I think you got it wrong - attacking systems are not really the basics, but rather are programming, system administration etc. If you are straight going for attacking systems without really understanding how they work, you are missing a very big picture.

Maybe you might read "Hacking For Dummies" which is sometimes recommended here at EH-Net to newcomers. I haven't read it personally though, so I can't affirm this recommendation.

I'm confused by what you mean, I think I have MatterOverMind, due to some overdosage of morning Cinamon Toast Crunch...