- This topic has 6 replies, 6 voices, and was last updated 11 years, 5 months ago by
.
-
Posts
-
-
Hello Everyone,
I’m currently working as a security analyst that performs only network or system based security (OS, Firewalls, IPS, Anti-Virus, content filtering, encryption, etc.), but have no experience with programming or databases. I read about many of these web vulnerabilities, but don’t have the background to fully grasp them. My question is, in order to become a better security analyst what should I learn and where do I start? Right now I’m more interested in understanding vulnerabilities through web attacks if that helps. I’m very new to this side of security 🙂
Thanks
-
If you are interested in web-security you may take a closer look at such topics as SQL Injection (SQL in general may help you too), Cross-site scripting (XSS) and Cross-Site Request Forgery (XSRF/ CSRF).
For testing I can recommend Damn Vulnerable Web App whos author is here in the boards too, WebGOAT and OWASP in general.
Also take a lookg at irongeek’s Mutillidae and the Hacme series from Foundstone. -
-
Thank You everyone!! I took C++ in college, but haven’t used it in years. If I was going to start from basics on web security (taking on SQL later on) what books would you recomend for someone who wanted to start getting into web security? I’ve spent some time on amazon looking up some books, but I’ve been slightly intimdated by which books to purchase and which areas to focus on. Can someone push me in the right direction or maybe even a recomened path? Thanks for all the help already!!
-
-
Well my suggestion is to learn xhtml and a little css and javascript if you haven’t already. Then try php and mysql.
Common methods that I’ve seen or used for hacking are: SQL injection, PHP session hijacking, you can get code on the server through file upload forms, idk just do a search on common website vulnerabilities….
edit: also I forgot. this site has some good stuff with web hacking.
-
-
- You must be logged in to reply to this topic.
