October 23, 2011 at 8:55 pm #6942excessfaceParticipant
Just started looking into the long path needed to get experience and skills in this field. Wondering which way to go first. My back ground is web develpment and microsoft focused at that, .net and SQL. I’ve moved away from development and into design and was seconded into our security team to help with firewall analysis and some other bits around PCI certification. This has totally given me a new sense of what I want out of a career in IT and I’m a bit like rabbit in headlights at the moment. I’m mostly after some advice on which way to go to start out. My inclination is to start close to home and focus on Web App Security and wondered what would be the best course of action. I’m not really fussed about certification yet, I want to learn and develop skills that are going to benefit me and my company. Any advice on books, tutorials, toolsets and skills to practice so I don’t have to rely on pre-packaged tools? Is there any information on what the basics are?
Any advice would be amazin.
October 24, 2011 at 4:05 am #43126impelseParticipant
Welcome to the forum, yep web application would fit with you considering your background, there are good books about the web application and the http://www.elearnsecurity.com/ the focus in web security.
When you begin to read I think you would take it very easy, and remember what you did with web development and how to by pass the security and how to protect.
October 24, 2011 at 5:58 am #43127idr0pParticipant
Here are some books to help:
The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws 2nd Edition – Dafydd Stuttard (Author), Marcus Pinto (Author)
^ big book just came out. Helped me alot with my GWAPT certification.
HACKING EXPOSED WEB APPLICATIONS, 3rd Edition by Joel Scambray, Vincent Liu and Caleb Sima
^ Dont know much about this one. It has good reviews on amazon.
October 24, 2011 at 7:49 am #43128hurtl0ckerParticipant
idr0p mentioned the best books on web application security.
Regarding other resources, OWASP has some rich content regarding Web Apps Security. https://www.owasp.org/
And they are some deliberately vulnerable applications available, that lets you practice your skills on. Take a look at Webgoat, Metasploitable.
October 27, 2011 at 8:46 pm #43129p0etParticipant
Here’s a good list of some vulnerable web app’s for learning with. http://securitythoughts.wordpress.com/2010/03/22/vulnerable-web-applications-for-learning/
There’s many good tutorials on Youtube for webgoat/webscarab.
- You must be logged in to reply to this topic.