Where to start




Posts: 1

Joined: Sun Oct 23, 2011 3:39 pm

Post Sun Oct 23, 2011 3:55 pm

Where to start

How do,

Just started looking into the long path needed to get experience and skills in this field. Wondering which way to go first. My back ground is web develpment and microsoft focused at that, .net and SQL. I've moved away from development and into design and was seconded into our security team to help with firewall analysis and some other bits around PCI certification. This has totally given me a new sense of what I want out of a career in IT and I'm a bit like rabbit in headlights at the moment. I'm mostly after some advice on which way to go to start out. My inclination is to start close to home and focus on Web App Security and wondered what would be the best course of action. I'm not really fussed about certification yet, I want to learn and develop skills that are going to benefit me and my company. Any advice on books, tutorials, toolsets and skills to practice so I don't have to rely on pre-packaged tools? Is there any information on what the basics are?

Any advice would be amazin.
Last edited by excessface on Sun Oct 23, 2011 4:41 pm, edited 1 time in total.


Hero Member
Hero Member

Posts: 619

Joined: Mon Feb 16, 2009 3:40 pm

Post Sun Oct 23, 2011 11:05 pm

Re: Where to start

Welcome to the forum, yep web application would fit with you considering your background, there are good books about the web application and the http://www.elearnsecurity.com/ the focus in web security.

When you begin to read I think you would take it very easy, and remember what you did with web development and how to by pass the security and how to protect.
CCNA, Security+, 70-290, 70-291
CCNA Security
Online Pentest lab: http://www.thehost1.com/
Blog: http://blog.thehost1.com/



Posts: 49

Joined: Fri Jun 17, 2011 8:46 pm

Post Mon Oct 24, 2011 12:58 am

Re: Where to start

Here are some books to help:

The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws 2nd Edition - Dafydd Stuttard (Author), Marcus Pinto (Author)
^ big book just came out. Helped me alot with my GWAPT certification.

HACKING EXPOSED WEB APPLICATIONS, 3rd Edition by Joel Scambray, Vincent Liu and Caleb Sima
^ Dont know much about this one. It has good reviews on amazon.


User avatar

Jr. Member
Jr. Member

Posts: 73

Joined: Thu Nov 18, 2010 10:09 am

Location: WWW

Post Mon Oct 24, 2011 2:49 am

Re: Where to start

idr0p mentioned the best books on web application security.

Regarding other resources, OWASP has some rich content regarding Web Apps Security. https://www.owasp.org/

And they are some deliberately vulnerable applications available, that lets you practice your skills on. Take a look at Webgoat, Metasploitable.
http://www.metasploit.com/about/how-do- ... st-lab.jsp
Last edited by hurtl0cker on Mon Oct 24, 2011 2:52 am, edited 1 time in total.
“Knowing is not enough; we must apply. Willing is not enough: we must do.”
- Bruce Lee


User avatar

Full Member
Full Member

Posts: 197

Joined: Thu Nov 02, 2006 4:38 pm

Location: Victoria, Canada

Post Thu Oct 27, 2011 3:46 pm

Re: Where to start

Here's a good list of some vulnerable web app's for learning with.  http://securitythoughts.wordpress.com/2 ... -learning/

There's many good tutorials on Youtube for webgoat/webscarab.
GCIH, Security+, Network+, A+, MCP, DCSE

Return to Career Central

Who is online

Users browsing this forum: No registered users and 0 guests

Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software