
Just another guy asking suggestions for learning the basics of Web-Exploitation


manoj9372

Jr. Member

Posts: 72

Joined: Mon Oct 05, 2009 8:54 am

Post Thu Nov 11, 2010 4:14 am


As the title says, I am looking forward to building a strong base in learning Web-Application hacking and exploitation.

For now I am not looking for advanced stuff such as understanding coding, playing inside XAMPP and WAMP locally.

I am just interested in understanding the basics of those attacks and how they work, like that...

For now I am looking specifically to understand the basics of the following,
just basics because once I understood the basics of these attacks,

1) SQL
2) Blind SQLi
3) Directory traversal attacks
4) XSS
5) CSRF
6) Basics of WAF
7) Basic working operation of shells
8) Log-in authentication bypass
9) Working of Web Application firewalls and how they are implemented.

I know for SQL and blind SQLi I can find a lot of material on here and also on hackforums, but my concern is that they are mostly looking to attack the site instead of focusing on the basics of how it works.

So please give me some advice/guidance based on your personal experience.


Hope I will get some specific advice ;D


Note: I am not a coder...

MindOverMatter

Jr. Member

Posts: 62

Joined: Wed Oct 27, 2010 7:57 pm

Post Thu Nov 11, 2010 4:41 am


Hi manoj9372,

I know you said you wanted some specific advice, so my post may not be much of a help.

However, I can say that some of the best Web-Application content I've seen is the module by Armando at eLearnSecurity. I'm actually going through it now and it is very good, in depth, yet easy to understand and step by step.

Of course it's not free, other than the SQL Injection portion, but it is worth it in my opinion.  This is coming from someone without a Web Application background, plus many on the forum here have said that it is the strongest compared to other courses.

Just my 2 cents, but hope you get the advice you're looking for.
A+, Network+, Security+, CIW Associate, CCNA, C|EH

UNIX

Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Thu Nov 11, 2010 6:15 am


I'd recommend "The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws", which is a great book. As it seems you have very little knowledge in these areas, it's probably too advanced for you at this point, as you should already be familiar with some related topics.

manoj9372 wrote: For now I am not looking for advanced stuff such as understanding coding, playing inside XAMPP and WAMP locally,


I think you got it wrong - attacking systems is not really the basics; programming, system administration etc. are. If you are going straight for attacking systems without really understanding how they work, you are missing a very big picture.

Maybe you might read "Hacking For Dummies" which is sometimes recommended here at EH-Net to newcomers. I haven't read it personally though, so I can't affirm this recommendation.

MaXe

Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Thu Nov 11, 2010 8:49 am


MindOverMatter wrote:This is coming from someone without a Web Application background, plus many on the forum here have said that it is the strongest compared to other courses.


Looks like I have to do some serious work soon then  ;D Something for people already knowing Web App Sec  ;)
I'm an InterN0T'er

MindOverMatter

Jr. Member

Posts: 62

Joined: Wed Oct 27, 2010 7:57 pm

Post Thu Nov 11, 2010 11:51 am


MaXe wrote:
MindOverMatter wrote:This is coming from someone without a Web Application background, plus many on the forum here have said that it is the strongest compared to other courses.


Looks like I have to do some serious work soon then  ;D Something for people already knowing Web App Sec  ;)


I'm confused by what you mean, I think I have MatterOverMind, due to some overdosage of morning Cinnamon Toast Crunch...
Last edited by MindOverMatter on Thu Nov 11, 2010 11:58 am, edited 1 time in total.
A+, Network+, Security+, CIW Associate, CCNA, C|EH

MaXe

Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Thu Nov 11, 2010 4:19 pm


MindOverMatter wrote:
MaXe wrote:
MindOverMatter wrote:This is coming from someone without a Web Application background, plus many on the forum here have said that it is the strongest compared to other courses.


Looks like I have to do some serious work soon then  ;D Something for people already knowing Web App Sec  ;)


I'm confused by what you mean, I think I have MatterOverMind, due to some overdosage of morning Cinnamon Toast Crunch...


Excuse me for being cryptic, what I meant was a course meant for pros at Web App Sec :)

I know it sounds cryptic, but hehe nevermind  ;D Forget what I said :-P
I'm an InterN0T'er
