
Advice wanted for next step

charliemong

Newbie

Posts: 27

Joined: Wed Aug 25, 2010 10:49 am

Location: UK

Post Wed Sep 01, 2010 9:07 am

Hi Guys,

As I have mentioned in my other post, I am looking to move into pen testing. Could someone give me some pointers in the right direction? The CEH, from what I have read on here and other forums, falls flat on practical hands-on learning. The OSCP seems to be a more hands-on learning experience. Since joining this web site I have been looking into SQL injection and a few other things, which I have been having a ball with.

I am interested in advice and some pointers as to which route I should take. I have also picked up on learning Python properly. I know I have a long route in front of me but enjoy learning and practicing stuff.

Thanks in advance
If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.
- Sun Tzu

MaXe

Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Wed Sep 01, 2010 9:21 am

Re: Advice wanted for next step

If you want hands-on (practical) experience, then I can only advise you to do the OSCP course ;D

If you don't feel ready for the course, then I suggest some self-study, and if you're into SQL injection and similar (web application security), then you should begin to learn a dynamic web language such as PHP or ASP in order to understand the vulnerabilities even better, if you don't already know these.

When you know this, and of course HTML too, then it's easier to understand how the vulnerabilities work, why they exist, how to find them and how to patch them ;)

Those are just my recommendations, though :)
I'm an InterN0T'er

charliemong

Newbie

Posts: 27

Joined: Wed Aug 25, 2010 10:49 am

Location: UK

Post Wed Sep 01, 2010 10:06 am

Re: Advice wanted for next step

OSCP it is then. Will get my head in lots of books and VMs before I even look at booking this.

Ketchup

Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Wed Sep 01, 2010 5:20 pm

Re: Advice wanted for next step

OSCP is great. I also think that some self-study will help you with web app security. For example, you can look into Damn Vulnerable Web Application. It has your typical web app vulnerabilities. There are also sites like hackthissite.org that offer tutorials and missions for hacking web apps.
~~~~~~~~~~~~~~
Ketchup

charliemong

Newbie

Posts: 27

Joined: Wed Aug 25, 2010 10:49 am

Location: UK

Post Thu Sep 02, 2010 5:48 am

Re: Advice wanted for next step

Hi Ketchup,

Have spent the last 2 nights on hackthissite.org. One of the lads at work mentioned it. It's a really cool site and I have been going through some of the tutorials. Have just downloaded the Damn Vulnerable Web Application at work and will be having a play with it on me lunch. Can you point me at any books that will get me thinking?

Seem to be reading too much online and some books will be good for just before bed.

UNIX

Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Thu Sep 02, 2010 6:25 am

Re: Advice wanted for next step

You could take a look at the book reviews section. There are quite a few must-reads in my opinion, but it really depends on which aspect of security you are interested in.

Regarding web security I can certainly recommend The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws.
