Programming for Network Security analyst?

Viewing 6 reply threads
  • Author
    Posts
    • #4025
      scucci
      Participant

      Hello Everyone,

      I’m currently working as a security analyst that performs only network or system based security (OS, Firewalls, IPS, Anti-Virus, content filtering, encryption, etc.), but have no experience with programming or databases.  I read about many of these web vulnerabilities, but don’t have the background to fully grasp them. My question is, in order to become a better security analyst what should I learn and where do I start? Right now I’m more interested in understanding vulnerabilities through web attacks if that helps. I’m very new to this side of security 🙂

      Thanks

    • #25637
      UNIX
      Participant

      If you are interested in web-security you may take a closer look at such topics as SQL Injection (SQL in general may help you too), Cross-site scripting (XSS) and Cross-Site Request Forgery (XSRF/ CSRF).

      For testing I can recommend Damn Vulnerable Web App whos author is here in the boards too, WebGOAT and OWASP in general.
      Also take a lookg at irongeek’s Mutillidae and the Hacme series from Foundstone.

    • #25638
      Ketchup
      Participant

      Actually knowing SQL, both general, and RDBMS-specific will be a great plus here.  PHP, ASP, VB, JavaScript, etc, are all very beneficial if you are going to get into web app security.  If you have any programming background, I think these are all very easy to pick up, and rather quickly. 

    • #25639
      scucci
      Participant

      Thank You everyone!! I took C++ in college, but haven’t used it in years. If I was going to start from basics on web security (taking on SQL later on) what books would you recomend for someone who wanted to start getting into web security? I’ve spent some time on amazon looking up some books, but I’ve been slightly intimdated by which books to purchase and which areas to focus on. Can someone push me in the right direction or maybe even a recomened path? Thanks for all the help already!!

    • #25640
      putosusio
      Participant

      Try what awesec has suggested.  A google search will get you all the info you need.

      I like webgoat because its more than just a book that teaches you theory, it actually has hands on labs that will reinforce the lessons.

    • #25641
      Anonymous
      Participant

      Well my suggestion is to learn xhtml and a little css and javascript if you haven’t already.  Then try php and mysql.

      http://w3schools.com

      Common methods that I’ve seen or used for hacking are: SQL injection, PHP session hijacking, you can get code on the server through file upload forms, idk just do a search on common website vulnerabilities….

      edit: also I forgot. this site has some good stuff with web hacking.

      http://hackthissite.org

    • #25642
      jason
      Participant

      Perl and phython are always useful as well…

Viewing 6 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2021 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?