- This topic has 16 replies, 9 voices, and was last updated 9 years, 6 months ago by
lorddicranius.
July 26, 2011 at 2:38 pm #6643
CTRLS
Participant
What knowledge do you need to know to start hacking websites?
-
July 26, 2011 at 4:31 pm #41286
impelse
Participant
HTML, PHP and some knowledge of SQL transactions (query), just to begin
-
July 26, 2011 at 5:02 pm #41287
CTRLS
Participant
Well I know most of that but isn’t there more to it?
-
July 26, 2011 at 5:04 pm #41288
MaXe
Participant
And legal issues. If you’re a total newbie, you can A) Search forums (and blogs) for tutorials on Web Application Security; B) Read The Web Application Hackers Handbook.
Both things are worth doing, even though I didn’t read the second one, it certainly did look interesting. I think reading that book will probably be a shortcut to most, to get most of the basics and even some more advanced stuff.
When you’re ready to dive into the more advanced stuff, with or without programming knowledge, you need to find some good resources for web app sec like ha.ckers.org, etc. (Find them yourself, you should. If you’re going to become a real hardcore web app hacker.)
And last but not least, learn how to spot coding errors in e.g. PHP scripts so you can find 0days yourself as well. Sometimes, it’s boring to look through a billion lines of code, but then you can alternatively grab a copy of the web app, install it on your own server, test it for vulnerabilities. (With your own methods, NO automated scanners. In most popular web apps they wouldn’t do any good except waste your time. This doesn’t apply to addons for popular web apps, as the addons are often vulnerable.)
PS:
@CTRLS wrote:
Well I know most of that but isnt there more to it
There’s A LOT more to it than you think! ;D
Create something like this: http://www.exploit-db.com/vbseo-from-xss-to-reverse-php-shell/
Video: http://www.youtube.com/watch?v=B6QAjB3kYec
That’s pretty much when I go in-depth with my skills, to prove that even XSS can be deadly if you just use your knowledge (and imagination) right.
Reference: http://www.exploit-db.com/category/maxe/
-
July 26, 2011 at 5:51 pm #41289
CTRLS
Participant
Is it neccesary to learn reverse enigeneering (my bad abou the speling im at school)
-
July 26, 2011 at 5:59 pm #41290
CTRLS
Participant
Thank you once again MaXe (you’ve been a big help)
-
July 26, 2011 at 6:42 pm #41291
cd1zz
Participant
When I think of RE I think of compiled code. If you’re trying to test a specific web application, it won’t help. If you’re trying to find 0 days in the web server that the web app is running on, you could RE the binaries of the webserver.
-
July 26, 2011 at 8:26 pm #41292
CTRLS
Participant
Is CSS required to know while hacking???
I haven’t really looked at it :/
-
July 26, 2011 at 8:48 pm #41293
cd1zz
Participant
Yes, if you want to “hack”, you need to know everything about whatever you’re testing. So, go learn that too.
-
July 26, 2011 at 9:11 pm #41294
rattis
Participant
@MaXe wrote:
Read The Web Application Hackers Handbook.
I want to read that book. Looks and sounds better than Hacking Exposed: Web Applications 3rd Edition (granted I’ve only thumbed the other one and going on what I’ve heard here). Not that I’m knocking HE:WA3E.
Anyway the new edition of The Web Application Hackers Handbook is due out in September. I’m waiting til then to order.
-
July 26, 2011 at 9:14 pm #41295
tturner
Participant
You can port scan intranets with CSS
-
July 26, 2011 at 9:46 pm #41296
CTRLS
Participant
Ok, cause I was just going to move onto .ASP and the rest of PHP
-
July 26, 2011 at 9:49 pm #41297
cd1zz
Participant
That’s a great place to start.
-
July 27, 2011 at 4:46 pm #41298
MaXe
Participant
@CTRLS wrote:
Is it neccesary to learn reverse enigeneering (my bad abou the speling im at school)
It’s good to learn about, but don’t start with this unless you want to go deep straight ahead. Reverse engineering PHP applications is not really necessary, but reverse engineering Flash scripts may become useful in some cases, including Java applications as well. (With PHP scripts you either have the source and search through it for errors, or you fuzz all possible user-input fields, or combine both!)
@CTRLS wrote:
Is CSS required to know while hacking???
i havn’t really looked at it :/
Cascading Style Sheets I presume you’re referring to, and not XSS (Cross-Site Scripting). You won’t use it that much, but for XSS it can prove very useful to know about. Sometimes, a CSS file may contain hidden directories as well and generally it is very easy to learn, as the CSS language is very easy.
JavaScript on the other hand, which is not the same as Java at all, may take some time to learn.
-
July 29, 2011 at 9:39 am #41299
ShadowReaper
Participant
@MaXe wrote:
When you’re ready to dive into the more advanced stuff, with or without programming knowledge, you need to find some good resources for web app sec like ha.ckers.org, etc. (Find them yourself, you should. If you’re going to become a real hardcore web app hacker.)
maxe, could you provide more links for resources?
thank you
-
July 29, 2011 at 2:11 pm #41300
-
July 29, 2011 at 3:09 pm #41301
lorddicranius
Participant
-