Where to start

Viewing 4 reply threads
  • Author
    Posts
    • #6942
      excessface
      Participant

      How do,

      Just started looking into the long path needed to get experience and skills in this field. Wondering which way to go first. My back ground is web develpment and microsoft focused at that, .net and SQL. I’ve moved away from development and into design and was seconded into our security team to help with firewall analysis and some other bits around PCI certification. This has totally given me a new sense of what I want out of a career in IT and I’m a bit like rabbit in headlights at the moment. I’m mostly after some advice on which way to go to start out. My inclination is to start close to home and focus on Web App Security and wondered what would be the best course of action. I’m not really fussed about certification yet, I want to learn and develop skills that are going to benefit me and my company. Any advice on books, tutorials, toolsets and skills to practice so I don’t have to rely on pre-packaged tools? Is there any information on what the basics are?

      Any advice would be amazin.

    • #43126
      impelse
      Participant

      Welcome to the forum, yep web application would fit with you considering your background, there are good books about the web application and the http://www.elearnsecurity.com/ the focus in web security.

      When you begin to read I think you would take it very easy, and remember what you did with web development and how to by pass the security and how to protect.

    • #43127
      idr0p
      Participant

      Here are some books to help:

      The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws 2nd Edition – Dafydd Stuttard (Author), Marcus Pinto (Author)
      ^ big book just came out. Helped me alot with my GWAPT certification.

      HACKING EXPOSED WEB APPLICATIONS, 3rd Edition by Joel Scambray, Vincent Liu and Caleb Sima
      ^ Dont know much about this one. It has good reviews on amazon.

    • #43128
      hurtl0cker
      Participant

      idr0p mentioned the best books on web application security.

      Regarding other resources, OWASP has some rich content regarding Web Apps Security. https://www.owasp.org/

      And they are some deliberately vulnerable applications available, that lets you practice your skills on. Take a look at Webgoat, Metasploitable.
      http://www.metasploit.com/about/how-do-i-use-it/test-lab.jsp

    • #43129
      p0et
      Participant

      Here’s a good list of some vulnerable web app’s for learning with.  http://securitythoughts.wordpress.com/2010/03/22/vulnerable-web-applications-for-learning/

      There’s many good tutorials on Youtube for webgoat/webscarab.

Viewing 4 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2021 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?